WIRELESS WEB WORKSHOP DECEMBER 12, 2000

FEDERAL TRADE COMMISSION

THE MOBILE WIRELESS WEB, DATA SERVICES & BEYOND: Emerging Technologies & Consumer Issues

Tuesday, December 12, 2000
Federal Trade Commission
600 & Pennsylvania Ave., NW
Room 432
Washington, D.C. 20580

CONFERENCE PROCEEDINGS VOLUME 2

- - - - -

The above entitled workshop was held on Tuesday, December 12, 2000, commencing at 9:00 a.m. at the Federal Trade Commission, 600 Pennsylvania Avenue, Room 432.

P R O C E E D I N G S

MS. ROSENFELD: Good morning, and welcome to day 2 of FTC's wireless workshop. My name is Dana Rosenfeld, and I'm the assistant director of the Office of Director here in the Bureau of Consumer Protection. A couple of just housekeeping notes. There are demos that are continuing to run in the cafeteria all day, so when you get a break, please go up and check those out. The other thing is I would like to thank the Wireless Advertising Association and Wiley, Rein and Fielding for providing the wonderful breakfast we had here this morning. We're going to open with a panel on the introduction to privacy and security issues, but before we do that, Commissioner Thompson, who is in Europe, is here by videotape and will make a few introductory remarks.

PRESENTATION BY COMMISSIONER THOMPSON VIA VIDEOTAPE

MR. THOMPSON: I welcome you for the second day of our workshop on mobile wireless technologies. I have long followed the development of wireless technologies, and I have previously spoken about the impact of new information delivery platforms on the future relationship between consumers and industry. I'm sorry that I won't be able to join you, but if I carried a satellite phone or a global positioning system, perhaps you would be able to find out that I was somewhere in the Hague talking about online ADR, and that's one of the wireless privacy problems that you'll be talking about today.
Yesterday, we all had a chance to learn about the breadth of exciting business and technological opportunities presented by the wireless world. These opportunities are not expected at some time in the distant future. Instead, they're at our doorstep right now, but we've also learned that these opportunities impose important challenges, and today we will focus on some of these challenges and how they should be addressed. More specifically, we'll examine three topics that are particularly relevant as wireless technologies develop: Privacy, security and the form that advertising will take in this new medium. Now, the Commission has examined these issues in the context of online commerce and how they relate to the FTC's core consumer protection mandate. Now, we're seeking to learn how they'll develop in the mobile world. This workshop provides a forum for all of us to get to know the companies and issues involved in creating these products and services. It also provides us with an opportunity to engage in an interactive dialogue between government, industry and consumer advocates about how these issues should be addressed. Now, I think we all recognize that this is a rapidly changing area. Accordingly, our responses should be creative, flexible and organic built with an ability to embrace change. At the same time, however, I hope that we will have laid the foundation for a continuing discussion of these issues in the upcoming months, so thank you again for coming, and I hope you'll find this workshop fun, informative and thought provoking.

PANEL ON INTRODUCTION TO PRIVACY & SECURITY ISSUES

PANEL MEMBERS:
DANA B. ROSENFELD, FTC, Moderator
DONALD A. BROMLEY
LORRIE FAITH CRANOR
ALAN DAVIDSON
DAVID MOORE
LAWRENCE PONEMON

MS. ROSENFELD: Thank you, Commissioner Thompson. If the first panel would like to come and take their seats, we'll get started.
As Commissioner Thompson just highlighted, along with the exciting opportunities mobile wireless technologies offer come a host of issues that will affect consumers as wireless providers introduce new equipment, services and applications to the U.S. market. The first panel today is introduction to privacy and security issues. We plan to give you a broad overview of the privacy and security issues that will affect consumers and guide public policy discussions as consumers increasingly take advantage of mobile wireless technologies. With me to discuss these issues are Donald Bromley, the practice leader for the wireless risk management service group at Fiderus Strategic Security and Privacy Services.

MR. BROMLEY: Good morning.

MS. ROSENFELD: Dr. Lorrie Faith Cranor, a senior technical staff member in the secure systems research department at AT&T Labs Research. Dr. Cranor is a chair of the Platform for Privacy Preferences Project (P3P) specification working group at the World Wide Web Consortium. Alan Davidson is an attorney at the Center for Democracy and Technology. David Moore is the president and chief executive officer of 24/7 Media, and Dr. Lawrence Ponemon is a partner and global leader of compliance risk management for PricewaterhouseCoopers and is the founder of its privacy practice. Peter Swire, who is the chief counselor for privacy in the Office of Management and Budget, was supposed to be here this morning but unfortunately was not able to make it, but he did ask me if I would read a statement that he prepared.

"I'm sorry that other events made it impossible for me to join you at this important panel today on wireless privacy. For wireless technology to develop to its full potential, consumers will clearly need to have an understanding of how their personal information is used and confidence that it will be used only in ways they approve.

"I particularly draw your attention to an issue that has been a major theme of the administration's privacy efforts, the strong protection of medical and other especially sensitive information. Wireless users will sometimes be medical patients. What rules and practices will be in place, for instance, for the information that a user has visited a psychotherapist or an HIV clinic?

"Whatever privacy practices develop generally for wireless information, I urge you to consider how to build an infrastructure that will also assure proper privacy protections for the most sensitive information."

And with that, I will turn to our panel, and really -- I'm sorry, before we get started, I want to let those know in the overflow room and here that we will be taking again questions from the audience about 20 minutes before the end of the panel, and that will be at approximately ten o'clock. And, panelists, if you would just let me know when you want to respond to a particular question, if you want to put your tents up or raise your hand, that's fine. First really just getting into the basic issue here is what type of information is collected when consumers use wireless devices and who is collecting that information? I think before we talk about whether protections need to be in place and how those protections work, really the fundamental question here is what information are we talking about? Would anyone like to get started with that? David?

MR. MOORE: I think Alan raised his hand.

MS. ROSENFELD: Oh, I'm sorry, Alan?

MR. DAVIDSON: I didn't raise my tent though. Well, I'll jump in and start and say, first of all, thank you for having us, and thank you for having this workshop because I think this is continuing in the Commission's excellent tradition of looking at these issues, trying to get ahead of the curve thinking about a lot of these issues early on at a time when they can make a real difference, and so I think that this is an excellent effort.
There are huge looming privacy issues in the wireless space because of the collection and aggregation of new information that was never before collected and aggregated in new ways and in ways that the consumers don't understand, and I think you start off by asking the right question, what are we talking about? In addition to -- well, to start with I think the same kinds of information that we are concerned about in both the off line and the traditional online Internet environment, both personally identifiable information, transactional information about what people are doing online and how they're using their phones, that can be very sensitive, but beyond that I think there's some particular challenges in the wireless environment because of different kinds of information that we didn't collect before. Of course, the biggest one and one that we've talked about already in this workshop is location information, and it's the snapshots of location that service -- that providers of services in the wireless environment may be getting that can create when aggregated over time a very detailed and invasive dossier of a person's movements in a way that we never were able to collect before, so that's a starting point. The carriers, in addition, when we were talking about not just carriers but others who may be collecting this information on a regular basis, we may be facing a situation where individuals are having their location tracked in a detailed way, in a way that was never available before through probably any technology being applied to a hundred million users in the United States who don't necessarily know that this is happening, so that is a huge element of this. Another big piece of this is the fact that the information is very closely linked to identity. 
We're seeing the downstream transmission in the wireless web context perhaps of a mobile phone number or a unique user identifier that may be transmitted outside of the carrier to other individuals and may be collected. And in the case of mobile phone number, of course that's a very sensitive piece of information for a lot of consumers. In the case of a unique identifier, there's an additional issue in the sense that I think individuals are more closely linked to these wireless devices than we've seen in other environments, that a person's wireless device tends to be really theirs and theirs alone, and it's less sort of the kind of thing where there's a computer in an office or a house where an IP address may be used by many different people. So there's particularly -- there's extra issues there, so we've got problems, the traditional problems that we've seen in the off line and traditional online environment plus this extra information that's being collected both by carriers and by those downstream.

MS. ROSENFELD: Larry?

MR. PONEMON: Well, I agree with everything that Alan says. Can you hear me, by the way? Good. The major issue in my mind is that you need to have very significant personalization to have success in the wireless environment. If you don't have that level of personalization, basically your Smart device, something like this Nokia that I'm holding here, becomes meaningless. All of it is SPAM. You think it's bad now, you're sitting down with your family and you're having dinner at six o'clock in the evening and the phone rings and it's the guy from a financial service organization trying to sell you insurance, right? Well, now it's going to happen all the time, right, because now you have one of these devices, but understand that with personalization, you could actually express in clear and concise language your preferences, and you could turn it off or you could turn it on.
You could be the recipient of the messages that are important to you, and that's real important. The flipside of personalization is in order to do it right you have to collect a lot of personally identifiable information, and included in that quandary would be locational information and velocity information. Just like a boat on some water where you can triangulate a position, we're seeing technology today that could actually figure out where you're heading and how fast you're going to get there. So suppose you like Starbucks and at ten o'clock you normally have your cafe latte, right? This is your cafe latte time. It's 9:58 you're going to get a phone call and it's going to be someone from the local Starbucks telling you, Hey, if you make a right turn right now we're going to give you a 10 percent discount, and if you're a consumer, that might be a good thing. But if you're not interested in that or if they basically called on the wrong person, it basically starts moving in to the SPAM zone. This personally identifiable information, I'm not a security guy. I'm a privacy guy, but on the security side, that information as far as I'm concerned is top of the line. This is as bad as it gets if it gets into the wrong hands, so you basically have to build the right security infrastructure. And quite frankly a lot of companies that are starting to move in this space pretty quickly might not have the resources today to build that infrastructure. So those are some of the issues. May I respond to one other point very quickly?

MS. ROSENFELD: Sure.

MR. PONEMON: And that is the concern that was expressed yesterday. If you're a physician, a practicing physician, you might want to use a Smart device like a Palm Pilot to collect information about patients, and there are many business models currently that require the physician to actually use that type of device. And in fact I was told that one Palm Pilot, I think it's a Palm VII, can collect up to 14,000 records, 14,000 patients.
Imagine if you're like me and you're absentminded and you leave it in a cab? So we're basically dealing with just basic blocking and tackling issues as well as the whole wireless environment. The device itself needs to be engineered in ways that allow you to have immediate turn off, the immediate ability to track it if it's lost, so those are other issues that hopefully we'll try to address.

MS. ROSENFELD: We'll try to get to the security issues a little bit later, and those issues of course are exacerbated when everything -- all of your devices are converging in to one single device where all of your highly personal information may be held. I think Don was next.

MR. BROMLEY: And I agree with Larry. In order for these devices to have any value to you as a consumer, the content needs to be very highly personalized, and from that viewpoint, it's not just that I like Starbucks, but it's if I'm traveling, it knows where I am. It knows the state, whether I'm working or it's pleasure travel, and it presents to me information that's relevant and timely to where I am, who I am and what state I'm in, whether it's work state, leisure state or whatever, and then it becomes of real value. But again that provides some real opportunity for abuse of that information. If I'm collecting and bringing together all that kind of information, I know a lot about you. I know a lot about your habits. I know a lot about where you are, who you are and what you're doing at any point in time. It sounds somewhat Orwellian, but it's true, and this technology is available and generally distributed today. It's not something that's ten years off.

MS. ROSENFELD: Lorrie?

MR. CRANOR: Yeah, I just wanted to comment on what types of data are actually available today, and I think this is definitely an evolving thing.
From my understanding today a typical cell phone that most of you have in your pocket actually sort of phones home every ten minutes and identifies where the nearest cell tower or cell site is to it, and if you're out in the country, that means they can locate you to about 30 miles, but if you're in the city you can be located to about two blocks based on that. And so this is happening today. For the most part service providers are not archiving this information. They just keep it until the next ten minutes when you check in and they find out you've moved to the next cell site. It's a huge amount of data, and for the most part they don't have anything that they're doing with it, but there are a lot of interesting business models that we've been hearing about that of course could make some really valuable use of that information. And it's really nice in these business models to know not only where you are now and where you were ten minutes ago but that for the past two weeks you've come here every day at this time, so keeping that kind of data is something I think we're going to see more and more of in the future. We're also going to see it get more precise. Instead of knowing just to the nearest cell site, we're going to know within a few hundred meters of exactly where you are, and that's something that once you have GPS capabilities, that you're going to have. There's also the issue of who is going to have access to this data and what form it's going to be in, so you may actually opt in to a customization service that you may say, This is very valuable to me, I actually want this service, I trust this service provider, it's fine for them to collect this data. They now have this entire dossier on you, and the question is, Who else might have access to it, and the service provider may be very trustworthy, but with a court order, now all of a sudden your ex-spouse or all sorts of other people may have access to that data.

MS. ROSENFELD: We're going to talk about the Fair Information Practices in a little bit, but I think David wanted to comment on the initial question.

MR. MOORE: Yes. I also think there's quite a few issues that we have to address, and I commend the FTC for getting involved early as this medium begins to evolve because there's many important policy issues that I think will need to be decided over the next 12 to 24 months that allow the medium to grow in a way that is conducive to consumers and industry. I think Alan identified a lot of the important issues, and I think Larry also brought up something that's very important, which is personalization. I think that it behooves us to help educate the consumers about the types of issues that they face when they go about buying a web phone for the first time and similar to some of the issues that we face in the e-mail sector or the online advertising sector, consumers aren't all that aware of what types of tracking occurs and why some of that tracking is necessary in order for an advertiser to be able to advertise in a way that is conducive to ultimately selling their product. So I think that the opt-in as soon as possible is very important for consumers so that when they sign their first wireless carrier agreement, for instance, and all this information is laid out up front and that if they're interested in accessing content from the web through a WAP phone, that they have a choice. They could either pay for that content or they could accept advertising with that content. And if they accept advertising with that content, there will be a number of other items that they have to agree to that would enable that advertiser to know that an ad has been seen and been effective with that particular consumer. So my recommendation would be that the consumers are advised as soon as possible in the purchase of a wireless device and given the choice as to the type they would like to pay for the content that they will access.

MS. ROSENFELD: I think these comments are a good segue into the next question which is: Is there agreement here? I'm hearing about notice. I'm hearing about opt-in choice. Should the Fair Information Practice principles of notice, choice, access and security apply in the wireless world? Larry?

MR. PONEMON: I would just like to comment on choice. Quite frankly, David is absolutely right. I really like the opt-in model. I think that makes a lot of sense. Here's a practical problem. Actually there are two. Again looking at my Nokia, I hate to pick on this company. This is a great telephone, but look at the screen. Can you see it? I can't even see it. How do I know the privacy policy of a site that I'm visiting, okay? Some telephones have a larger screen, so you could actually build it out so you have eight lines, four lines, but it becomes pretty difficult from a pure mechanical point of view basically to use this to understand the full issue. I mean, it's difficult enough when you're basically looking at an Internet site in the wired Internet, right, to be able to understand what a privacy policy states. So I think we have to rely on other mechanisms. I think P3P and other ways of disclosing privacy preferences will become very important, and the other issue -- and it's not directly part of the Fair Information Practices is this whole issue of redress because the chain is so complicated, you know, who owns that data, so when you opt-in, you're opting in to what? And there would be different touch points with the consumer, the device manufacturer, the carrier, the ad serving company. All of these people will be touch points so when you opt-in or opt-out or whatever, when you express choice, who is honoring that and how can you test, how can you verify that that touch point is honoring that commitment? This is going to be as a practical point of view incredibly, incredibly difficult. Thank you.

MS. ROSENFELD: Alan?

MR. DAVIDSON: You asked the question, should the Fair Information Practices apply, and I think the easy answer is yes. We've said it before that consumers are not going to use systems that they do not trust, and they will not trust these new wireless systems if their privacy and security is not protected, and Fair Information Practices are a good starting point for figuring out how to help people protect their privacy in this environment. The FTC has laid out before its framework for thinking about Fair Information Practices, notice, choice and consent, access, security, enforcement. All of those need to be applied here. I think we've -- Larry already started by giving us a window into how difficult it is going to be to simply apply them here. The devil is in the details, and the question of, for example, what is real robust notice on a device that's got a very limited amount of space to put up a privacy policy? How will we do choice in an environment where the consumer may not have a whole lot of visibility of exactly who is getting this information. Even in an opt-in setting, even if we use that as a starting point, opt-in when? Opt-in how? If it's just opt-in at the beginning of a creation of a contract with a wireless provider or even the creation of an interaction with a particular web application provider, that may not be enough, and so we're going to have a lot of work to do to try to figure that piece of it out, and it's going to be hard.

MS. ROSENFELD: David?

MR. MOORE: While there's a whole bunch of different technologies that are available for phones today, and it's been tough to find a standard here in the U.S. I think it's pretty clear that the Fair Information Practices principles are a standard that can apply not only to the Internet e-mail but of course to wireless as well, and I think the real question is how those standards or those practices are applied to this medium.
In the case of the opt-in and opt-out, it's pretty clear right now that there's no real standard for opting in or opting out right now. In fact, opting in or out might be pretty difficult in the medium as it stands today, and those are clearly policies that have to be established, but as I look at the practical use of that Nokia that Larry has over there, one of the great uses would be to be able to access a restaurant in midtown Manhattan, and in order -- a French restaurant in order to ask for that type of information and to have that phone feed back to you that Pierre's is right around the corner and there's reservations available. It's a real benefit, and I'm essentially opting in for that type of information, and of course the location I'm in is of critical importance here, so I don't know whether or not that type of activity would qualify as an opt-in at that point in time and whether or not that would transfer over in to other events over the period of time that I used the phone, but it would seem to me that that type of activity is something that we certainly want to promote and find ways to protect the consumer from that type of information going any further but being available at that point in time to provide valuable service.

MS. ROSENFELD: Don, I think, wanted to comment on the Fair Information Practices question, and then I would like to move on to the issues you're already talking about but implementation, what are different ways to implement notice and choice, but, Don, go ahead.

MR. BROMLEY: Yeah. I would agree that the Fair Information Practices Act really is a key in bringing privacy and security together because you can have security without privacy, but you can't have privacy without security, and when you bring those two together, you create confidence and trust, and that's what's going to explode the market with wireless devices.
When people begin to trust and have confidence that the information that they're providing is protected and shared according to their wants and needs, then you'll see an explosion in these devices because they're very valuable. I can use this to make travel arrangements or make restaurant reservations, and I could even use it to vote. I'll preface my next remark with the fact that I do live in the state of Florida. My question to the audience is, How do I determine a dimple or a hanging chad with something like this?

MS. ROSENFELD: So I guess we have some consensus here about the Fair Information Practices, but as I think Alan said, the devil's in the details. How will notice be given in an effective way in the wireless space? We've heard about possible notice in service contracts with carriers, P3P type technologies. Maybe there are other ways, pop up screens, a way to access notice at another place on your PC at home or making a phone call. Does anyone want to comment on that? Lorrie, I think you had your tent up, but go ahead. You can comment on the previous question.

MR. CRANOR: Actually I was going to comment on that, although it's hard to resist on commenting on the voting and other things. In any case, yeah, I think that there are a variety of different ways to offer notice, and I think that at least initially I think the most obvious one is through service contracts, that you're not going to just decide one day to get a restaurant listing without actually being subscribed to a service that provides restaurant listings, and so when you had subscribed to that service that will allow you to get information about nearest restaurants or stores or whatever, as part of that there will be a contract which indicates what types of information they have to collect to provide that service to you and what they're going to do with that information. And so any opting that you're going to do will probably be done at that point, not each time you want to go to a restaurant.
As also has been mentioned, P3P is another way that we can probably help facilitate notice and choice when you're doing kind of more web surfing type activities with your phone. It would be very analogous to when you're doing it on your PC. So I think that those are some of the main ways that you're going to get the opt-in and out. Also with the security, clearly we need really good mechanisms to protect the security of this data, but another thing that I think we need to do is find ways of reducing the amount of data that needs to be kept in order to provide the services, and I hope that will be addressed on the panel this afternoon. But I think that there's a lot of things that companies that are doing marketing, they have all sorts of fancy algorithms that allow them to try to match you up to different sorts of things. I think they can also use that in order to reduce the amount of data that they have to keep on you so it serves their marketing purposes without having this complete dossier on you.

MS. ROSENFELD: Larry?

MR. PONEMON: You know, I think we're starting to see the evolution of these new solutions that capture privacy preferences, and this is not just for the wireless environment. It's also in the wired Internet, but basically if you look at these technologies like P3P, I think that it basically provides half of the trust solution, not the full trust solution, and we have to remember that the other part of the trust solution is the company will honor their equipment and basically say, I'm opting in or opting out. There's a choice that you make, and you make the big assumption that the company will honor it in the same way that you make the assumption that a company's privacy policy is true. Empirical evidence would suggest that many companies post a privacy policy that may not be true completely, and so we have to keep that in mind, so the preference, the ability to capture consumer information is half of it.
The other half is coming up with an enforcement mechanism that holds organizations accountable for doing the right thing. If you're not doing the right thing, you basically have to pay some consequences, and that's really the arm of enforcement and the arm of regulation, so I hope we get to discuss that as well today. Thanks.

MS. ROSENFELD: Alan?

MR. DAVIDSON: First off, I would definitely second those remarks in that the enforcement is going to be an incredibly important part of this, but we're going to be talking, I think we've already touched a lot on the search for technical solutions here, and I think the reason is because the kinds of mechanisms that exist right now seem like they may be very unsatisfying for the consumer in terms of protecting their privacy, the difficulty in putting up really good privacy policies that people can look at on this device, the difficulty of trying to figure out where the information is going to go and when it may be used downstream by many different providers you may not have notice of. That's one of the reasons why I think we're all looking for things like P3P to be expanded into the wireless environment to be able to find technical solutions that make this simple for consumers. We're talking about probably a much broader group of consumers using wireless devices, broader than who are even on the Internet right now in the United States. And it needs to be something -- the discussion about this needs to be something that consumers can understand that's simple, and we needed technology to help us out. The other piece of that, and I really want to echo something Lorrie said, is looking at how we limit collection, which is sort of an implicit part of the Fair Information Practices as articulated, but the fact is that if you collect this -- if a company collects this information people are going to try to get it, and that's not even thinking about commercial uses.
What we're talking about is government access to information in a way that right now has very little privacy protections and also access to information in the context of civil actions and civil lawsuits, so this is all lawful access, but where the standards are very unclear and the information that could be collected is extremely sensitive, and we need to work out the rules for that too. The base line answer is if you can find ways to deliver the services without keeping the information, you'll be doing yourself a huge favor and the consumer a huge favor.

MS. ROSENFELD: Don, I think you were next.

MR. BROMLEY: Just briefly. I think Alan brought up a good point about the kind of information that may be discoverable in a civil action. Let's say, for example, you're driving one of the most popular SUVs on the market, and your in-vehicle information system is telling you that your tire pressure is low, and it's been telling you this for weeks, and you have a rollover accident and try to bring a civil action against that manufacturer, is that kind of information then discoverable in a civil action to claim contributory negligence? I don't think anything like that has been discussed in the courts, but it's information that's collected and available.

MS. ROSENFELD: David?

MR. MOORE: Well, I think a lot of these issues should ultimately revert back to the consumer and where this consumer has notice of what the issues are and then choice, and I think to a certain extent, it's a mistake to go overboard in terms of the protection of the consumer because you will find many instances where consumers are very willing to give information in exchange for a valuable service.
Stock quotes are a great example here where a consumer can sign up to have quotes sent to their wireless device every 20 minutes, every hour, however often they choose, and in accepting that information, they're agreeing to a set of guidelines that that content provider will use in order to be able to sell advertising to that consumer in exchange for providing that content for free. And I know Lawrence mentioned earlier about accessing a site on your phone and you don't know really what their privacy policies are. In many cases you could argue that the carriers should have agreements with content providers that require privacy policies that are identical to their own, but at the same time then you've got consumers that might see an advertisement for a particular type of content that they think is really terrific that they would like to access, and I'm not so sure that they should have to go back through the carrier to be able to get that type of content. So while we're totally in support of protecting the consumer, I would caution that there's a point where you go overboard in terms of protecting them in a manner that actually becomes a disservice and makes it a lot tougher for them to get the content that they would like to receive. MS. ROSENFELD: That's a good lead in to my next question which you've already touched upon but: How should choice be provided and who should provide it? We've heard about putting it in service contracts, but isn't it possible that that choice could be a condition of providing the service, or is it more appropriate that choice be provided at each site or each location that the consumer visits and wants to obtain services or content from? Anybody? Larry? MR. PONEMON: Basically as I mentioned before there's a chain, and that chain requires a chain of trust, right? It's not just one organization. 
There are many parties involved, and quite frankly I think this is a great opportunity for some consistent form of disclosure that cuts across organizational boundaries. Consumers need to understand what they're getting into here, and it's not going to be that easy. I think about do you ever call up the telephone company and complain about a charge on your telephone bill? Have you ever tried to do that during the day? You know how frustrating that is? You want to kill, you want to kill, just very, very bad. So can you imagine if you're trying to figure out, Geez, you know I've opted in, now I choose not to opt-in or I want to change my choice? You need to have a process that works for the consumer, and I think it's a good opportunity for self regulation. I think if we can come up with a self regulatory program, I think the Wireless Advertising Association, John Kamp, is leading that initiative, really start looking into coming up with a self regulatory framework with teeth so that you could actually enable trust. That's what it's all about, but if you can't come up with the right self regulatory framework, then basically you have to look at government, so I think that that needs to be factored into that equation. I think I answered your question. I started going astray a little bit. I apologize. MS. ROSENFELD: So which parties are in the best position to provide notice and choice? Is it the manufacturer of the wireless device? Is it the wireless supplier, the carrier, or is it the content service provider? Anyone? Alan? MR. DAVIDSON: I think it's going to be all of the above. Sorry. The fact is the people who -- the organizations and entities that are collecting information obviously are in a good position to know what information is being collected to try to provide some sort of notice and choice to the consumer beforehand. 
But it may be in this environment in this network environment, in this architecture it may be something that everybody -- all of the pieces here need to work together for. For example, you can imagine a situation where a handset can be designed in such a way that it provides very clear notice to a consumer through an icon or a light whenever information is being -- location information is being transmitted or collected. That might require coordination between the handset manufacturer and the carriers and maybe even the downstream application providers, and I think we're still in the early stages of trying to figure out how to build an architecture that builds that, but it's going to require that kind of coordination probably, but there are a lot of great possibilities here for designing architectures that make it really simple for consumers so that you just push a button when you want to send that location information or not perhaps. There may not -- some of the solutions that we're talking about, the network based solution where the carrier is the one who's providing the location information, maybe you're going to have to send something back to the phone to let the consumer know it's happening, but I don't think there's any simple answer that there's one party here, that's who's responsible. MS. ROSENFELD: Lorrie? MS. CRANOR: Yeah, I think it definitely requires all the parties to work together. I mean, already even in our very limited functionalities that we have where we have had situations of cell phones that are broadcasting the user's phone number or a unique ID. In looking at how to solve those, we've discovered that there's no one party you can go to, that in fact when you go to the service provider, while it would seem like, well, they're the ones broadcasting it, but actually the software in the phone is generating it to begin with. Well, where does that come from? Well, that's another company that provides the software for the phone. 
So until they change the software, it's hard for the service providers to change what's happening, so basically you end up with a lot of different parties that really need to cooperate to really make this work. MS. ROSENFELD: Don, then David, and then we need to move on to security so... MR. BROMLEY: I'll be brief. I would just agree with the previous statements and add that as Larry said, it's a chain of custody. It's a chain of confidence that has to happen so that every party has to be involved from the handset manufacturers to the carriers to your -- to the service providers and the ASPs and every party involved in that transaction has to provide that confidence that that information is being protected and used for appropriate purposes based on the consumer's choice. And again there's no easy answer to this, and it's a fairly complex process. MS. ROSENFELD: David? MR. MOORE: I'm also in agreement, but my agreement is more based on the need for educating consumers on a regular basis about the various types of tracking and choices that they have when they purchase a wireless device. I think education is our friend here, and to the extent that we can do more and more of it, I think it will allow consumers to feel more comfortable giving the information, personal information in exchange for services that they really value. Now, one last comment I have, many of you may be aware that Qualcomm has a product called SnapTrack that they're working on which is a little switch on your cell phone that allows you to transmit your location when you click the switch, and it sounds like a terrific idea. 
The real question in all of this is there's going to have to be an economic model that works for the wireless providers, the cell phone manufacturers, the advertisers, and it may be that that switch, as great an idea as it sounds, may not be economically viable in this arena, and as a result we'll have to look for other ways to give that consumer a choice when it comes to revealing their location. MS. ROSENFELD: Alan, real quick, and then we have to move on. MR. DAVIDSON: I just want to put a sharper edge on this one. We are talking about a massive coordination effort for a self-regulatory approach to work here. It's very early in the process right now. There's still a lot of opportunities here, but when you're talking about this many different people having to coordinate in this many complicated ways, different carriers, providers, handset manufacturers, you may be in a situation where it may be a very natural place to look for a base line of regulation. Before we go there, I think the answer is there's an opportunity that the technology presents to give people a lot more control, and if we can actively work in that direction, that is the hope here. We're talking about a very different kind of architecture than the architecture we've been used to, where there's a lot of different intermediaries, a lot of different players to have to worry about. If we can try to change that to give users back more of the control over how information is being used and what information is being generated, we'll do for ourselves a lot of favors in the future in terms of what kind of regulatory approaches are going to be needed and what kind of self-regulating approaches are going to work. MS. ROSENFELD: Thanks, Alan. Moving on to security, the initial question here is how secure is transmission of personal information in the wireless medium? We've heard I think a lot about consumer concern and perceived risks of transmitting information. Would anyone like to comment? Don? MR. 
BROMLEY: I think security has two aspects, and it's even more exemplified in the wireless arena today. There's the perception, and there's the reality. The perception is that the airwaves is where the vulnerability exists where people are setting up scanners and putting on headsets and listening to stuff on the airwaves. I would say that that is -- the probability of that happening, of anybody gaining any information that has any real value today is very, very small. The real vulnerability exists in a couple different areas. One is within the carrier networks, where those gateways are for web phones. The carriers own those gateways. It's the place where the transmissions are translated from wireless to wire line capabilities, so the carriers control security over those gateways is the key point in today's environment. Now, there's new versions of software and controls where that issue can be resolved. The idea though is to having of course the carriers to implement those in their gateways, and the problem with that is it becomes a political issue with them. Today they control that relationship. Today they own those gateways. Therefore, they have the power in implementing the new proxy gateways and some of the new technology they lose that policy to the service providers or other intermediaries so it's more than just the technology issue that's driving the adoption of those new and better technologies. Then again, once you get past that gateway, it's just the common security vulnerabilities of the Internet whether it's protecting web sites or protecting transmission, and then you have the handset. As I have to -- because of bandwidth issues, because of capability issues in the software, as I want to roll out new and more sophisticated applications, I have to bring down more information. As these devices become more capable of storing local information and doing local processing, what happens when I leave this in a taxi cab? Talk about identity theft. This is me. 
Depending on how that application is defined, depending on how the authentication is designed to the local device, it is very easy for someone to hijack a phone number and a serial number off this phone and make phone calls on my bill. As these become data capable and transaction capable, that doesn't change, so those controls and procedures need to be designed into the applications. MS. ROSENFELD: Larry? MR. PONEMON: Again I have to admit here, confess, I should say, I'm not a security expert, but let me just tell you what I have seen in the last 26 years, a lot of -- in business. A lot of companies that are start-ups have a difficult time spending the real dollars required to secure their infrastructure. Security is usually at a lower level of priority. It's normally about getting your burn rate and getting some profitability, and it does create a lot of vulnerability especially when there's an area on the Internet where there are a lot of great young start-up companies, so if you don't put the dollars in to the security solution, the critical infrastructure, there will be significant vulnerability. It goes back also to some other issues, that there's an engineering opportunity as well because I spoke at an I-device conference a year ago, and in the audience of about 4 or 500 people were all engineers developing these Smart devices, these I-devices. They didn't have a clue. They never even heard about this privacy debate. They were just trying to build the best possible product, and so if we develop technology that is supportive of the privacy issue and the security issue as a starting point, I think we can solve a lot of the problems that would otherwise happen in the future. MS. ROSENFELD: Anyone else want to comment? Lorrie. MS. CRANOR: I agree that trying to build these things from the beginning is going to be really crucial, and I'm a technologist. 
I go to these security conferences, and one of the things that was really kind of a wake-up for me is I went to an electronic commerce conference about a year ago, and there was a panel on mobile devices, and there were all these great experts from fancy universities who got up there and talked about their vision of the future. And they had these demos of these little devices that you put your shopping list in them, and as you're walking down the street, it beeps when you pass a store that has items on your list, and it radios in, and you can walk in there and your purchase is waiting for you to pick up. It's already paid for, and this sounded really fabulous, and I was sitting there thinking, but what about the privacy issues, and so during the Q&A, I raised my hand and said, What about the privacy issues, and they looked at me like I was from outer space, and they said, Well, we'll worry about that later. And it seemed to me that if you don't worry about it now, it's not going in there, and somebody even made a comment, Well, we can think of it like an arms race. We'll put in better privacy and security, and then they'll find ways around it, and when you do patch it on later, it definitely does become an arms race, and that's all the more reason it's important to design these things in from the beginning. MS. ROSENFELD: We're certainly glad you were there, Lorrie. Alan? MR. DAVIDSON: Me, too. I've had a couple of experiences over the last year being on panels on privacy at various wireless conferences, and I have to say, they haven't been well attended, and that may be more of a personal commentary than anything else, but I do -- I think there may be a take home lesson that people are not paying as much attention to these problems as early on as they should. 
Just on the security side, I think part of the security puzzle here is the sensitive nature of the information that we're talking about being collected by a lot of different people, so when you're talking about location information, especially a location profile over time or real time location information, there are real public safety issues regarding the security of that information as it's in various places, real concerns for people who might be worried about who might get access to that information. I think we may -- unfortunately we have to hear real horror stories before we start thinking about how to protect that information. Authentication's another variable, piece of the puzzle, and what the liability rules are for example for the average consumer who's used to buying Coca Colas with his cell phone according to the commercials but then leaves her cell phone in a cab and finds that other people are buying Coca Colas with it, you know, unanswered questions. MS. ROSENFELD: David? MR. MOORE: I think as Don mentioned up front that you can't have privacy without security, and I think that's absolutely true, particularly when you look at what will inhibit the growth of this medium and to a certain extent has inhibited the growth of online commerce today is that people are very concerned, particularly about their financial information. And if we're going to be trading stocks on our wireless devices, there has to be the proper type of security that makes sure that information is safe and sound. At the same time I think we talked at the beginning of this panel about medical information, very, very hot item with consumers as well as industry and everyone else, again critical to protect that type of information from getting into the wrong hands. And of course the last part of it is, and this is perhaps to a lesser degree on wireless devices. 
But particularly on the Internet people don't want others to know what type of content they access, and again I think that when it comes to security, we're going to have to find a way to protect those consumers from that type of information getting into the wrong hands. MS. ROSENFELD: Well, thank you everyone. This has been a very interesting panel. I think given the time we'll go ahead and move to the general audience questions. If you would give your name and your organization before you ask your question, please? MR. LE MAITRE: Marc Le Maitre with Nextel Telecommunications. Obviously the wireless carrier has a part to play in the security and privacy of this information. MR. DAVIDSON: A small part. MR. LE MAITRE: Just a small part. I'm interested in hearing your thoughts on timing because, Alan, I've heard you say thanks to the FTC for raising this issue before the event and Lorrie's saying we're playing catch up. I think without talking about Nextel's plans in this area it's fair to say that some of the carriers on an international basis are already delivering wireless location based services and I'm viewing this as an implementation issue at the moment, and I was wondering if you could talk us through where we are on the implementation curve, and is this a problem I should be worried about today or something I should wait for legislation in order to make a first move. MR. DAVIDSON: Well, I'll start by saying I guess you should -- I guess it's something we should have been worrying about yesterday, and I guess I was probably being more courteous than anything else to the FTC, I guess, although there are a lot of people who have not spent a lot of time thinking about this, so I'm glad that we're here. But this is happening now. You've said it yourself. 
This has been happening, that there are millions of consumers out there using devices, for example, where the location -- their location may be roughly, may be very specifically, is available in ways that they, for example, don't have any idea of. There are millions of people moving to use the web over wireless devices and without giving any thought to what kind of information is being transmitted downstream, so this is a problem that's very real for consumers right now, and the protections are not there. There are huge drivers. Some of them come from our government. We haven't spent a lot of time talking about the E911 or the CALEA mandates that many of us are concerned about may be pushing industry to develop systems that are not as privacy friendly as they ought to be. This is also a very real issue in terms of government access to this stuff, and I just want to jump in because we haven't talked about this yet, but to say every company in this industry ought to be supporting higher privacy protections in the law or location information vis-a-vis government access. This is something -- HR 5018 is a bill that got passed through the House Judiciary Committee that heightens the standard for location information. Right now that information is available to the local sheriff or the FBI without serious privacy protections in it right now, not anything close to the kind of probable cause Fourth Amendment protections that consumers are used to and we need to be working on this now too and get those privacy protections added in because consumers are going to start hearing about this, and I think people are going to react very negatively to the situation right now. MS. ROSENFELD: We'll be hearing just a little bit later about the E911 rules, and also we're going to focus specifically on the use of location based information but, Lorrie. MS. 
CRANOR: So even before you start talking about web, for just a normal cellular phone, when you make a phone call, your location information is recorded in your billing record by your service provider, and as I said, if you're in an urban area, that's about down to two blocks, and that information is on a regular basis requested by law enforcement to track an individual as well as to say some crime occurred in this area at this time. They may go to the wireless provider and say, Tell me everybody in your service who was in that area at that time. They really can't tell them everybody, but they can tell them everybody who made a phone call or received a phone call in that area at that time. MS. ROSENFELD: Any other questions? If you could -- I'm sorry, if you could just spell your name too for the court reporter, we would appreciate it. MR. DEVINE: Tim Devine, D E V I N E. The question has to do with whether folks are thinking about sort of cross channel preference respect, preference compliance provisions so, for example, folks have taken more and more care to express their privacy statements toward the consumer information on a web site, but the same company might have web contact with consumers and wireless contact, and the question I guess is what sort of compliance and very practical logistical measures are you seeing or hoping folks are undertaking to match up the preferences and to update them, so that you could foresee somebody saying in response to a web provided privacy statement compiling a fairly sophisticated preference profile for consumer data handling and consumer contact. But then the consumer saying in response to opt-in or opt-out opportunity on the wireless context, No, I don't want to be contacted in such and such a way or, yes, you can use my information in such a way, and it might be in conflict with what they've previously stated in the web and an 800 number and some other application. 
I'm just sort of wondering if people are thinking of sort of the cross channel preference setting. MR. PONEMON: Do you mind if I comment? MS. ROSENFELD: Larry? MR. PONEMON: We're starting to see a lot of local initiatives developing along these lines. There have been some rather radical ideas. There's a data integrator. I'm not going to mention their name, but they're quite, quite good and very interesting on the privacy issues, and basically they're thinking about coming up with a privacy cookie for every person in the United States, maybe in the world. They would be this cookie that respects an individual's preference, and you as the consumer could actually change and adjust your cookie. It's not that dissimilar to the P3P model, but it basically allows you to control all your choice on everything that you do. So if you have different preferences on M commerce versus E commerce versus the off line universe, you could actually specify that, but then it goes back to something really basic, really fundamental. It's about education. I think a lot of people are just unaware, and so there's this hype issue. People are concerned, and maybe they're overly concerned, and that's going to block innovation in this new technology, and then there's a side that education could actually help people who are not concerned today who should be concerned. For example, I talk about this story, but my mother is 80 years old. She basically is the most incredible user of the Internet. She buys everything over the Internet, and she gives all her information away, by the way, so this is very interesting. 
And when I asked her why are you doing this, Mom, she said, I'm going to die pretty soon, this isn't valuable, but understand that I think educating -- it's really what we've discussed before, what Dave discusses, about getting the consumer to understand this issue and to control it, and we're starting to see movement in that direction, but we have a long, long way to go before we have consistency across platforms. MR. MOORE: Ultimately it would be terrific to have the privacy cookie that expands not only from online to off line too because right now we confine our talks to what's happening online in terms of privacy, but if you go off line for a minute, you find that there's quite a few more flagrant violations of our privacy there than you find online. So from a cross channel perspective, I would suggest that we want to expand it beyond just the Internet, wireless and broad band into some of these other off line arenas so we have the ability to actually control what types of information go to industry both on and off line. MS. ROSENFELD: Thank you. Any other questions? MR. CHARTIER: Mike Chartier from Intel. MS. ROSENFELD: Could you spell your name, please? MR. CHARTIER: C H A R T I E R. MS. ROSENFELD: Thank you. MR. CHARTIER: This is for the panel about implementing one of the Fair Information Practices. You talked about notice and choice and security, but I think access is real interesting in this domain. If my location is information that I should have access to, then it ought to be a relatively simple matter for that ten minute polling that you talked about of the carrier when he finds your location to ship those bits down to my phone so my phone will always know where it is. And it would seem to solve some of the authentication problems because only a particular wireless device would get its location, and if you do that, then the wireless device knows where it is. 
I could contract directly with a third-party like Starbucks who could get the information from me without having to go through the carrier or somebody that is the repository of all this information. And if you could do that, if third parties could get the information directly from the users, it would tend to remove some of the economic incentive for people collecting that information. MS. ROSENFELD: Anyone want to take that on? Don? MR. BROMLEY: Yeah. I would agree that with the nature of cellular communications, your carrier always knows where you are, but it doesn't know that I'm who I am. Again the example, if I leave this in a cab, it knows that my phone is in that cab, but it doesn't know that the next person that picked it up isn't me, so I have a local authentication issue or I have to authenticate remotely to the carrier to whoever to authorize services on this phone. And that's the real issue is the phone is me as long as it's in my hand, but once it leaves my hand, it becomes me in somebody else's body. MS. ROSENFELD: Anyone else? MR. DAVIDSON: I would like to comment. I would also like to say there's something very attractive about user control oriented solutions like that where the information is in the user's hand or it's specifically in the user's control. I think those kind of things are things that consumers are going to feel better about when they know they're the ones that have control over this information. The access issue, we didn't get into it. I mean, it's a very complicated issue. Of course it goes to a much broader question about all of the kinds of information that's collected over time by many different carriers and access to that after the fact and being able to verify it and take a look at it and make sure that it's correct. 
And it's going to be very difficult in this arena, I think we've touched on this, because of the fact that there's so many different parties involved here and the consumer doesn't necessarily have a clear understanding of who they are. MS. ROSENFELD: Lorrie, did you want to respond? MS. CRANOR: One of the things that I hope we'll hear more about this afternoon in the technology session is how much of this personalization information can we store on the user's device, and when I go to get a personalized service basically have my device engage in a dialogue with the service provider to just answer the specific questions needed to provide the service now rather than the service provider keeping my whole profile and everywhere that I've been. MS. ROSENFELD: Next. The mike is over there. MS. FAGRE: Danielle Fagre from O'Connor and Hannan spelled F as in Frank, A G R E. I have a question, a follow-up question to one of Dana's questions regarding choice. I've heard choice described as -- I've heard the Fair Information Practices described as both notice, choice, access and security and more recently as notice, consent, access and security, so it's kind of a two-part question, but the question is to me consent more implies opt-in, and choice implies either opt-in or opt-out. Is there a consensus that we're moving toward opt-in in the arena of advertising and M commerce, and if so, does the panel think that that will spill over into the financial services arena specifically which is right now opt-out under Gramm Leach Bliley. Thanks. MS. ROSENFELD: Who would like the first crack at that? Larry. MR. PONEMON: Yeah. Just let's talk about GLBA, Gramm Leach Bliley. A lot of our clients are having a lot of difficulty complying with GLBA today, and what went into effect November 13 but there is this window of opportunity through July 1, 2001. If you put the pressure on financial service organizations to move from an opt-out to an opt-in world, it would be unbelievable. 
It would just be unbelievable right now. I think the spiritual answer is opt-in is better than opt-out. I think choice, really honest capturing of a consumer's choice is what it's all about. We can give these labels, opt-in, opt-out, opt up. It's really irrelevant. It's about giving the consumer the power to make the choice, so one of the problems with opt-out or opt-in, excuse me, from a financial services point of view is the breakage, that if I basically allow the opt-in before you could actually use this information, you start to see that people just don't want to spend the time to read the disclosure, and we have one client that actually tested that proposition. They found that in an opt-out world, they would lose about 5 percent. In an opt-in world they would lose about 85 percent of participation so there are really consequences to financial services organizations right now. MS. ROSENFELD: Alan? MR. DAVIDSON: I would just jump in and say I think opt-in and opt-out it may be a false dichotomy here. I mean, we are really talking about trying to find informed consent, and I'll go back to say I think the devil is in the details here in a lot of ways in terms of trying to figure out what's going to give the consumers the feeling that they've got that kind of control. There may be a much greater level of granularity that's needed in terms of what people feel like they have the ability to choose or not choose in terms of which interactions, which kinds of information. That may ultimately be a lot more important than some sort of dichotomy here. I think you hear about a lot of people talking about opt-in because of the recognition that we are talking about some incredibly sensitive information here from the consumer standpoint. MS. ROSENFELD: Next question? MR. BARNES: Milton Barnes from Spirus, Incorporated. I'm kind of trapped back here. I'm not standing. My question to the panel has to do with education. 
I've heard some of you mention we need to educate the consumer. What form will that take from industry and government because the wireless environment is coming about because of people's need to move fast, and the American attention span is short, so how are you going to educate them on these complex issues of opt-in, opt-out, security and privacy in a form that's easy to understand and quick enough to hold them and get that information to them so that they can make an intelligent choice? MS. ROSENFELD: That's a great question. Does anybody want to take the first crack. David? MR. MOORE: Well, I think as we indicated earlier, the first step would be to make sure that that type of information is pervasive throughout the various chain of delivery systems that exists today, whether it's the wireless carrier contract, whether it's the content that's going to be provided to a user. I think to the extent we can put it in as many different places as we possibly can in a way that it's clear, robust and easy to understand, that's a great first step. Now, does the industry need to go further and spend a lot of money educating consumers? The question is who would do that and at what cost and what's the return on investment for a company to do that, so I'm not sure there's a clear-cut path to education that goes beyond just putting that type of information throughout all the various content and delivery systems and providers that exists today. MS. ROSENFELD: Larry and then Lorrie. MR. PONEMON: Basically I'm not sure if it's an education issue initially. It's an awareness issue. I think you can come up with powerful ways of communicating. On line for example you would be learning models, get people aware of their rights and their choices and the whole issue. Obviously you don't have to get into the technology discussions unless someone is really interested. 
There might be another little button you push if you want to scroll down, but there is something else we didn't discuss, which is educating the employees of companies that are providing this new technology. In my experience, as an auditor, the biggest vulnerabilities are inside the organization. It's not what you say. It's what you do, and a lot of organizations have a difficult time doing what we consider reasonable levels of compliance around the privacy and security issues, so training, education has to start internally, and then let's focus on the consumer.

MS. ROSENFELD: Lorrie, did you want to comment?

MS. CRANOR: Yes. I just wanted to say that one of the things we hope P3P will do is help serve to help raise awareness and educate consumers, so in particular once P3P is built into the consumer's web browser, when they see this little privacy light, that they'll get curious. They'll click on it. They'll want to follow it to get more information, and we hope that the software that gets developed will provide that information, not in this long legalese form, but in a more digestible format that the consumer will be able to understand.

MS. ROSENFELD: Next question?

MR. PINKERTON: Name is Mark Pinkerton, P I N K E R T O N. I'm with ClickSure. I just wanted to ask you, Larry, I saw you at the Microsoft conference. I would like to find out, is your account with Verizon Wireless, by the way, because one of the things that has come to light --

MR. PONEMON: No comment.

MR. PINKERTON: One of the things I would like to ask, a number of us here in this room obviously have Verizon accounts. It's one of the largest cellular companies in the United States, and following on with what Larry said, it's recently come to light that when you open your account with Verizon, you probably -- you gave them your Social Security number.
One of the things that has recently come to light is that, speaking to a comment that was made about the off line world, that Social Security number is displayed to every Verizon wireless employee in every single store in the United States. If you go in and buy a battery, they ask for your wireless account number. You give it to them. They pull up your account, and there displayed on that screen is your Social Security number, so I would like to ask the panel what could be done about what I consider to be an egregious release of personal information that I didn't opt-in to releasing that information to all of their employees when I simply opened my cellular account.

MR. PONEMON: You start by killing people. That's the starting point. No, but in answer to the question, this goes back to the education issue, seriously. There is probably no logical reason, at least in this universe for collecting a Social Security number and having that as an identifier, but yet it's done. These are the practices that are done, and it's just the general idea more information is better than less information so let's collect everything, so I think we have to stop thinking in those terms. We have to understand how this information could be used. If it's not useful, at least let that be the first critical decision that a company like Verizon makes, and I will be changing my account. Thank you.

MS. ROSENFELD: Anyone else? No. One really quick question. Then we have to wrap up.

MR. WEITZNER: Danny Weitzner, W E I T Z N E R, with W3C. Just a quick comment on the education question, I agree with Larry. I think that the user interfaces here are going to have to do the lion's share of the education. If we've learned anything since the Florida vote it's that people don't read directions, and if you rely on people to read directions, we see the problems. My question is actually about security, and I wonder if the perfect is not going to become the enemy of the good here.
I hear these comments about what happens when you leave your wireless phone in a car, a cab and then it's you and you've lost yourself. I mean, I've left my wallet in a cab, and it's a real pain in the neck. It's a bad thing, but we actually don't have the expectation that we can somehow secure our physical wallets with the level of kind of end to end perfection, and I'm just wondering for anyone's thoughts about how this is going to play out, whether we're going to kind of meet the practical expectations that people have of security that you can cancel your credit cards and that sort of stuff or where we're heading on this question.

MS. ROSENFELD: Lorrie?

MS. CRANOR: Sort of two thoughts on that. One is that there should be a way of canceling, especially if the wireless device -- there should be some way that I can send some code to it that basically turns it off so, yes, maybe it was vulnerable for an hour or two until I realized it, but after that it shut down. The other idea is that there could be basically a thumb print reader or something like that on the device itself so basically when I'm holding it in my hand I have my thumb on it and it's on. When my thumb is not on it, it's not on. People get scared about biometrics but this is something only between me and my device. That biometrics doesn't go anywhere else.

MS. ROSENFELD: Alan?

MR. DAVIDSON: I was going to say it's not knowable right now exactly what these security mechanisms are going to look like. What's important is that the redress for the consumer takes into account whatever kinds of security exists out there, so in the credit card context, my credit card gets stolen, I have a liability limit. The law actually got involved here in trying to help us come up with those base line rules. We're going to need the right kind of base line rules for consumers here depending -- we may have an extremely secure thumbprint activated device.
We may have a device that's only somewhat secure, that's kind of got practical security. Regardless, there's got to be appropriate levels of protection for the consumer on the liability front to deal with that. Just real quick on the education thing, I would say I agree that the interface is the best place if it's done right for consumers to get to learn to understand this stuff. We really do have a big education job on the company side, on the employee side and for the consumers even beyond that as we try to make the choices right now, and right now we're engaged in education, kind of maybe not the best way which is the front page stories and newspapers about horrible privacy violations. And I think we're going to see more of those because we haven't I think been straight with people exactly about what kind of information is out there and how it might be used, and while it might be good for privacy advocates to get a lot of those front page stories, it's really not good for the debate in the long run. There's a better way to help consumers understand this, and I think we've got to try to pursue it. It may take some resources to do it.

MS. ROSENFELD: Thank you so much to the panelists for a really wonderful discussion.

(Applause.)

MS. ROSENFELD: Thank you to the audience because those were really terrific questions. We appreciate that. We'll let the panelists take their seats, and then we'll move on to our next speaker in just a minute. This is not a break so please take your seats.

(Pause.)

MS. ROSENFELD: Okay. Everybody, please take your seats. Everybody? I don't want to have to name names. Please take your seats. Thank you. I think that panel really set the stage for the rest of the day, so as many of you know, the federal law requiring carriers to implement enhanced 911 or E911 is driving the move to location based technologies. We will now learn more about the regulations with a presentation from James Schlichting from the FCC. Mr.
Schlichting is the deputy chief of the FCC's wireless telecommunications bureau. He oversees the bureau's policy and commercial wireless divisions. These two divisions are responsible for the bureau's rulemaking proceedings relating to commercial wireless services, the licensing of commercial wireless services and the review of the wireless license transfer issues involved in merger transactions. Mr. Schlichting?

MR. SCHLICHTING: Sorry about that. Every laptop seems to be slightly different, where the buttons are put and how to get from here to there. Thank you for the invitation to spend a few minutes going over some critical issues relating to privacy on wireless devices, and what I'm going to focus on are the three key areas that the FCC -- both are federal laws, and they're also federal regulations, the wireless enhanced 911 service, CPNI or customer proprietary network information, and the Wireless Communications and Public Safety Act of 1999 which enacted some specific privacy provisions dealing with wireless location. What I'm going to do, generally I had an extensive set of handouts that I had included, including a somewhat longer version of my presentation here, plus some briefing sheets and more detail on the Commission's wireless E911 requirements and the like, so I'll be trying to run through those relatively quickly. Sort of the overview, wireless E911, the Commission's rules do require covered carriers, basically wireless and PCS carriers, to provide location information automatically to 911 call centers on calls from mobile wireless phones, and we'll get into more details on precisely what the Commission's rules require both in terms of timing and in terms of accuracy and the like to have a backdrop of what's going on in that arena. Customer Proprietary Network Information is broader than mobile wireless, but it's a key element to discussion of the privacy protections that consumers have with regard to common carrier derived information and the like.
Then the Wireless Communications and Public Safety Act of 1999 specifically addressed the issue of privacy protection for location information generally, and also focused some specific protections on wireless location information. All right. Wireless E911, the Commission has had rules since 1996 requiring carriers to adapt their network to provide location information automatically to 911 call centers. E911 in the wire line world, I think people are familiar with. For a wire line phone, you dial 911. With E911, there is on the screen of the 911 call center the subscriber, the address and the like which means that when the public safety officer starts to talk to the person who's made the call, they start with an idea of where the person is, and so they can go directly to the question of what the -- what the emergency issue is and what necessary response vehicles and the like may need to be called with regard to it. Now, when we went to having wireless 911, it was both a blessing and a curse. It was a blessing in the sense that you could call from wherever you were with your wireless phone. You didn't have to find a farmhouse with a wire line phone or a pay phone or the like to make a call or you could call directly from your car or from wherever you were. The curse or the disadvantage is that while on an E911 call from a wire line phone, the 911 call center has on the screen your location. With a wireless call it's a blank screen, so the first part of the conversation oftentimes has to deal with -- an early part has to deal with trying to figure out where you are. 
In some situations the caller knows precisely where they are, and that's quick, but in a lot of locations, a lot of situations the caller doesn't know precisely where they are, and there has to be a dialogue, assuming a dialogue is possible, between the caller and the person at the 911 call center, so the length of the call, the amount of delay before emergency services can be dispatched is potentially much, much longer in the like and in some cases may not be possible, and so that's behind the mandate of having rules that require implementation of wireless E911. We've divided up broadly into both phase 1 set of requirements where the wireless carriers have to provide to the public safety answering points, that is the call centers, the telephone number of the wireless 911 caller, so there can be a call back in case the connection is broken, and secondly, the cell site or the base station receiving a wireless 911 call which is not necessarily precise. In fact, on some cell sites that could be an area that includes a number of square miles and the like. It just gives a general facility in most instances of where a caller might be able to be. Phase 2 is where the information will be getting more helpful, more accurate for purposes of emergency call situations. In particular, the requirement would be that a 911 caller would have to be located by latitude and longitude using either a handset based technology or a network based technology. Now, accuracy standards, what the Commission's requirement -- these are Phase II -- is a handset based solution to be in compliance. The location technology would have to locate you within 50 meters on 67 percent of the calls, and 150 meters for 95 percent of the calls. For network based solutions, our requirements are double that so it's a hundred meters for 67 percent of the calls and 300 meters for 95 percent of the calls. 
So in terms of how precisely will somebody be accurately located under Phase II, one, it's not as accurate as a global positioning satellite with all the money in the world to target you to the last three or four meters and the like, and in both cases there are going to be some calls where the senses -- the sense of the technology is where you might not be locatable at all which is why the last 5 percent and the like. That goes to a broader question because with regard to sort of what's possible today, the technology providers are on later in the day, but certainly the sense that we've gotten is that the locating cab and the cab at the corner of X and Y on a broad market basis for all cellular phones isn't something that's technically feasible today or again talking -- the providers can talk to what they actually do on their networks today. To be honest, my understanding is the information that carriers collect today include, one, the information necessary to do your bill, which is generally based on what the general vicinity is. If I call from Arlington to Leesburg, it needs to know I'm in Arlington as opposed to Leesburg or Richmond or the like. I don't pay a different rate because I'm on the corner -- this corner as opposed to that corner a half mile away, so for purposes of billing they have a general location, and then the other information they collect on a real time basis is, at least I understand it, where the cell phone is so that if somebody wants to call you, the network knows generally where to look. And that is the base station where you're located and the like, but as I say, that's my general understanding of what's going on right now as a general proposition but representatives from industry and the carriers can better address that down the pipe. Deployment schedule, in general the 911 call center has to ask for -- has to be able to receive and utilize the 911 information and be able to recover the cost.
For phase 1, you would have to implement within six months of a PSAP's request. In phase 2, if you have a handset based approach the handsets have to be available October 1, 2001, and delivery of the information within 6 months of the PSAP request for a network based solution, a 50 percent coverage within 6 months of the PSAP request. That's very general. The slides I passed out and the handouts and the attached briefing sheets are much more detailed as to what the requirements are. So let me move on to Customer Proprietary Network Information. That is subject to section 222 of the act and it governs the use and disclosure by carriers of their Customer Proprietary Network Information, and generally it restricts the use of your CPNI without your approval, and section 222 also enables customers to have some control over the relinquishment of the privacy, presumption of privacy as they see fit. More particularly, under section 222 (c)(1), the Commission adopted a rule some years back that before carriers may use your CPNI to market outside the customer's existing service relationships, they had to get an opt-in method of approval, but the customers also had the right with regard to third parties to have a carrier disclose their CPNI to third parties upon affirmative written request. Now, the status of the CPNI rules, the U.S. Court of Appeals for the 10th Circuit vacated the opt-in portion of the Commission's rules, and that goes primarily to the use of information of your CPNI within the carrier for marketing and other purposes. It didn't go to what protections you have for release of information to third-parties and the like. We're in the process of preparing, initiating a rulemaking to address the 10th Circuit's opinion with regard to what the rules ought to be with regard to consent to use of your CPNI within the carrier. So let me go finally to the Wireless Communications and Public Safety Act of 1999. 
In particular, the 1999 Act added location to the definition of Customer Proprietary Network Information. Customer Proprietary Network Information is now basically information that relates to -- and I set the definition out there. It includes location of a telecommunications service subscribed to by a customer and made available to the carrier by the customer solely by virtue of the carrier-customer relationship. So CPNI goes to information, these particular types of information that the carrier has about you because you're their customer. Now, the customer approval requirement for CPNI generally is 221 (c)(1) and 222 (c)(2), and it provides, except required by law, and I think one example is the emergency services exception, or with the approval of the customer, a telecommunication carrier can only use or disclose individually identifiable CPNI of the telecom service where service is necessary or used in the provision of such services. As I mentioned earlier, there's more specific protection with regard to wireless location information. 222 (F) was adopted, and for this the carrier actually needs the customer's "express prior authorization" in order to use or disclose call location information concerning the user of a commercial mobile service or the automatic crash notification information and the automatic crash notification system operations that are found in some cars and the like to anybody other than -- any person other than for use in the operation of that system. Now, there are some exceptions to this protection and particularly emergencies. 222 (d)(4) permits three emergency related disclosures of your wireless call location information where this express prior authorization is not needed. 
I thought these were so important that I quoted them in their entirety, but the focus would be -- these are very much emergency service related circumstances or situations, and the information is to be used solely for that purpose and the like when it is provided without your express prior approval. Then the question of -- there is another provision related to emergencies of other subscriber information that can be released with regard -- released more specifically to emergency service providers, and this goes to the names, telephone numbers, addresses, and 222 (G) provides "The carrier shall release that information but only to the providers of emergency services for the use with regard to the provision of emergency services." So that's a very quick overview of a lot of information. What I have focused on and what the laws the FCC administers and what the FCC's regulations focus on is the privacy protections and wireless location information, the carriers, telecom carriers subject to the FCC jurisdiction have available to them and what they may or may not do. One of the questions that I think people need to worry about is when that information, location or otherwise, goes to folks that are not carriers, and it's not provided to the carriers' part of your subscription to a telecom service, these protections don't apply, but if you're talking about information that a carrier has by virtue of their relationship to you as a subscriber, these protections do apply. Sort of in the broader picture, as in most consumer areas, one needs to be sensitive to and aware and look at what permission are you giving when you give consent for the use of your information, whether it be wireless location information or other private information about you, make sure that you understand to the extent you're able how that may be used and when that may be used. 
So in any event, that's sort of a regulatory backdrop from the FCC's perspective of various laws and rules that apply, and I guess we will go from here in the sessions to hear from various folks in the industry involved in the technology that provides this information and industry efforts and the like to provide further information in this context, so thank you very much.

MS. FINN: Thank you very much. We're going to take a very short break now to about 10:50 a.m., and everybody should be back here, but I want to advise everybody there are additional people doing demonstrations up on the seventh floor in the cafeteria today, different folks than were here yesterday, so even if you went by there, you may want to stop by and see who is here.

(Break in the proceedings.)

PANEL ON GENERATION AND CONTROL OF LOCATION INFORMATION

PANEL MEMBERS:
DEAN C. FORBES, FTC, MODERATOR
MICHAEL AMAROSA
ARTHUR D. HURTADO
JONAS NEIHARDT

MR. FORBES: Good morning. My name is Dean Forbes. I'm an attorney who works on advertising, privacy, fraud and related technology issues here at the FTC in the Bureau of Consumer Protection. Our last panel really segues into our next set of discussions and the discussions for the rest of the day. We're really talking about, at least for this panel, the balance between the generation of default in some cases, at least in the E911 perspective, location information that's transmitted for safety purposes with the maybe opt-in transmission of such information for either enabling E commerce, or rather M commerce, and personalization services, and what control the consumer has over that information. I'm pleased to introduce our next panel of very technically savvy individuals, Michael Amarosa, Jonas Neihardt and Art Hurtado. This panel will present to you, make presentations on the technologies that reside behind really the issues that we're here for this two-day workshop to discuss.
These issues are very technological in nature, but we have asked our panelists to present them in as much of a consumer friendly and layman's presentation as possible. The technologies that are going to be discussed are terrestrial triangulation or a network overlay solution as well as a GPS or a hybrid of that I think is called Snap Track and finally a location information gateway. The panelists are Michael Amarosa who is the vice president of public affairs for True Position, Inc., out of New York City. His presentation will explain how location information is generated in a network overlay or terrestrial triangulation system; Jonas Neihardt, who is the vice president of federal government affairs for QUALCOMM, and he works on GPS and Snap Track GPS assisted technology. His presentation will explain how location information is generated in GPS based system or a Snap Track system. Arthur Hurtado, who is the CEO of Invertix out of Annandale, Virginia, his presentation will speak on Invertix's plans to serve as a location information gateway. Michael, just by way of background, he as I mentioned is vice president. He's vice president of public affairs for True Position, a position he's held since November 1997. He joined the company from the New York City Police Department where he served for over 24 years in various managerial capacities. For the last three, he was a deputy commissioner for technological developments. In this position he was directly responsible for the implementation of E911 for the city of New York. Michael?

MR. AMAROSA: This shows a lot about my technological abilities, huh? Good morning. Thank you for this opportunity to speak with you folks this morning and tell you a little bit about wireless location privacy and how True Position works through this whole issue. True Position provides end to end wireless solutions that enable a broad range of location aware type of services.
We were formed in 1992, and the original parent company of True Position was a firm known as The Associated Group, which had developed cellular properties in the upper New York City area, and out of that we started to get into the location technology business. Our main offices today are in the King of Prussia area in Pennsylvania just outside of Philadelphia where we have over 120 direct employees. We are one of the largest companies solely dedicated to wireless location capability, and our technology has been very well proven over the last several years in terms of our product and our organization's ability to deliver. Recently we were purchased by Liberty Media, and we became a subsidiary of the Liberty Media Corporation. True Position was one of the first companies to put a privacy statement up on its web site. We are totally committed to maintaining the privacy of all individuals. In fact, we've recently guarded against it and protect against it. Now, when we say that we talk about privacy in the context of location based services. When you deal with enhanced 911, the implicit consent is constantly there. I can call upon my prior experience. I mean, finding people in emergency situations, reducing response times saves lives, and I think anyone who calls 911 today is looking to be found, is looking for services to get there in a very expedited fashion, so I think that discussion aside, when you look at the additional services that are provided, this location information is only provided to those that people ask for help. People that subscribe to these types of services, we do not dispense any type of information regarding a customer or a subscriber absent their explicit consent, and this is how the entire privacy issue has been governed in True Position. 
Privacy is very prevalent in today's society as we all know, financial records, medical records, history information, the Internet and all of the types of services that you're provided through web capabilities that we see today, and even our E mails, all of this is something that has become a very, very major topic that we have to deal with. There are considerable trade-offs of the conveniences we have today in this electronics and this personalized information. Privacy in some cases has to be looked upon very stringently by the consumer as to what and how they want to make available in order for certain services that they will receive. The entire industry has been working very hard to build in certain safeguards, and location is being treated very similarly to the way equipment is constantly looked upon. Two basic, basic questions, do location systems constantly generate location information, and do carriers constantly track the specific information as to where that caller is? The answer is no. Why? How does this work? True Position collects radio signals at the various cell towers. We put a box about the size of a VCR which is the network overlay, and that is placed right on the cell tower, and it captures that radio signal, and through a triangulation capability, through mathematical algorithms, we basically compute the X Y coordinates which I'll get into a little bit later, but that is -- doing that location based when we're asked to do. We only deliver records to these application providers again that are authorized by the users, and the application that receives this information is only for those specific requested services that the subscriber has asked for. Location and transfer points and location and control points are keys in this entire operation, especially when you're dealing with specific applications, traffic services, enhanced 411, concierge type services or road side assistance just to name a few. How do we do this? 
We do this through a basis of mathematical algorithms which process the signals that are captured from the device, whether that be a telephone or whether it be a kiosk type of device, and we calculate the location. Today on the network side there are many different types of capabilities. There's the angle of arrival capability which measures the angle upon which the signal arrives at a particular side, the time difference of arrival, which is the time -- you're measuring the difference in time when that signal arrives. As we all know there's global positioning systems which are based on the satellites, and there's several other systems that are basically hybrid type of operations which is the enhanced observed time difference and a combination of what we affectionately called TDOA and AOA. Again you should take note of the fact that radio signals of any device can and will be located, and these phones are basically radio transmitters. TP location systems today again are only calculating those of which we've been asked to do and go forward with. Where is this done? The location records are delivered to those application providers. You sign up for a particular service at a given point in time. You ask for certain things. You ask if you want to be part of a concierge service, you want to be part of a personalized traffic service. You sign up for it, and the user controls that security by allowing people to then take certain information they have. The end user will specify who location information is provided to. Records are not stored unless the subscriber service requires that and the consumer himself would have that capability ahead of time, and only those records are provided to those that are identified ahead of time, never using identity or profile information other than to the subscribed services. 
The applications that connect to these ports are basically for the specific records that are requested and when these applications have no access to any other records that are requested, so there is no mixing of what is going on so that the enhanced 911, the enhanced 411, the road side assistance, traffic services, fleet tracking, if that's some of the services that you are involved with, are not intertwined in a database where this information is shared unless that is requested by the consumer. When you dial and use your wireless phone, the number that is not associated with any location based services will not initiate any processing of the X Y coordinates. Therefore only those services that are linked will allow that to be identified or allow that processing to begin which could be within milliseconds and transmitted on to the application that we talked of earlier. Remember the consumer subscriber always has the ability to turn off and not allow any of these to be linked together. The carriers will eventually determine what services are offered. Again this will be a menu that the users will be able to go forward with. Again our privacy statement which emphasizes that what we have talked about, True Position is continually provided information and protected that information for the consumer and the subscriber and everything that they do. Thank you very much for this opportunity.

MR. FORBES: Jonas Neihardt is the vice president for federal government affairs for QUALCOMM. In this capacity, Mr. Neihardt manages QUALCOMM's public policies and its relationship with federal executive branch and the U.S. Congress. Prior to joining QUALCOMM, Mr. Neihardt was director for congressional affairs with the Cellular Telecommunications Industry Association in Washington, D.C., a trade association representing operators of wireless telecommunication systems worldwide. Prior to that Mr.
Neihardt served at the White House Office of Management and Budget as a program examiner for the federal telecommunications agencies. In this capacity, Mr. Neihardt provided budgetary and policy oversight for the federal telecommunications agencies during the Bush and Clinton administrations. MR. NEIHARDT: And I just got my show to come up. Thank you very much for having me today. I'm glad to have this opportunity to speak to all of you because I've been here yesterday afternoon and this morning. What I am hearing over and again is that the most interesting and exciting sort of killer app that's coming along for mobile phones is position location, and the area of greatest concern for privacy advocates is position location, especially highly accurate position location, which is what we've been developing, so I'm glad to talk about both of those contexts for this issue and hopefully increase your comfort level in the solution that we've been developing. I have a long presentation, and it's sitting out on the table outside. It's greater than a five minute presentation. I'm going to go through it very quickly, but I encourage you to take the presentation and focus in on elements that are of interest to you. Mike just gave a discussion of the network based position location technology, and all I'm going to say about what we have done is we found that for certain situations, the network based solution, it depends on triangulation, and if you are in a situation where you don't have your cell sites arranged in triangles given where you are, you are going to have a little bit more difficulty accurately locating your handset. So what we did to address this is developed a GPS assist technology which is embedded in the phone here in -- you see the red square there? This is part of the central processing unit of the computer, and what our solution does is integrates the GPS receiver into the antenna, in a colocated antenna. The GPS processor is in the CPU of the cell phone. 
I have one right here, same CPU as in the phone that's on the screen. In this phone, the processing of the GPS information is all done in your handset and then sent back to a box on the network called the position designating entity that Mike referenced where the calculation of the GPS data and information on time delay from the cell towers that the handset can see at that moment, information is all processed, and then your position is calculated. But the key thing here, and if all you take away from this presentation is this one thought, remember this is that with our solution, all of the processing power and the intelligence resides upon the handset and is only activated upon the manual command of the user, okay? You can't remotely tell the handset to process -- to initiate the process. The process has to be initiated by the user. Benefits are, we found in our testing we've got higher reliability. Again in situations where you are not able to achieve an accurate solution fix, we have the triangulation method, the GPS assist we found resolves this. It all solves -- this process getting done in the handset pretty quickly, and we found it's highly accurate, and so we're quite pleased with it. When you talk about accuracy, Jim Schlichting mentioned the 50 meter and 150 meter accuracy standards. This is a hotel on the waterfront in San Diego. The hotel is that sort of big white space. It's hard to really tell, but that's where the hotel is, and in front of the hotel -- there was a trade show there, and we had a person walking around with our handsets and the red Xs you see show his path. He started in the front of the hotel by the waterfront and was walking around, and you can see a 50 meter accuracy. That's an area of 150 feet. It's about -- it's bigger than this room, but it's about as far you can really make visual contact with somebody in an urban setting when there might be trees or bushes or cars. 
For police work we feel that -- the police feel that this is the standard that they needed, 50 meters, and you can get a sense of how far that is. You can see the cars parked in lines and those are boats in the marina. The picture is a little fuzzy. When you go to 150 meters, you see the circle goes on the other side of the hotel so it's a circle that could capture buildings and again obstructions in an urban setting that might make it difficult for you to find the person, and then when you go to 300 meters, you're talking about really a whole neighborhood. So I show this slide just to make a point that greater accuracy is better for public safety and something that we all in this line of work strive to improve. Now, getting to the privacy implications, as I said before, the key thing to take away from this presentation is that with handset based GPS, the GPS processor lives on your handset and is activated by the user, and I saw Mike's presentation. I understand how the controls they've had built into the system, and I have a better understanding based on Mike's presentation of how that system works, and that was a good discussion of that. And the difference is with the network versus handset is the network, the brains of the system of processing capability physically resides with the network, and with ours it resides with the handset so that's the difference. This is a matrix discussion of some of the same information so I'll quickly go through that. Safety again, higher accuracy means better safety. I'll just go through this quickly. A lot of folks over the last two days have talked about the types of applications that will come online. We've been mainly focused on safety and making sure that we've got a solution that meets the needs of law enforcement which we think we do, and we know that once we get our solution out in the marketplace there will be lots of folks developing applications for it. And conclusions, go back. 
We think we've really developed sort of the ultimate opt-in scenario here. Every time that you want to be located, you have to pound that message in to your handset and say -- either by dialing 911 or activating a location enabled feature, you have to tell the phone to find you, and that's about as personal as we think as you can get. So when is it going to get here? We actually found that our Asian customers have been very much pressing us to get to the solution out to them. In Japan we think we'll have handsets walking around out there in the Japanese marketplace in the first half of next year. In the declarations that wireless operators needed to make at the FCC in November, the major CDMA operators said they were going to either partially or completely use or rely on handset based GPS to meet the FCC's mandate, so we'll see it in America a little bit after we see it in Japan, and again the same thing in Korea. Our Korean customers also have been very active in their own markets, and then you also see the Samsungs and the Japanese manufacturer coming in to the U.S. with their sets that have the MSN 3300 which is this chip right here that has the GPS processor. And that is the end, but I have to -- since I have the microphone, I wanted to say, a couple times in the last day and a half I've heard said time and time again that European technology in the wireless sector is ahead of the United States and that the Japanese and other Asian countries are ahead of us too, and let me point out that neither the Japanese or any European manufacturers have anything like this, that this is one example where American technology is ahead. And I have to point out too that in the case of the Europeans saying that they're ahead of U.S. wireless technology, the reason the Europeans have -- they base that assertion on the greater penetration rate, and there's a greater percentage of the population in Europe that use cell phones than in the U.S. 
That's the basis of that assertion, and the reason that they use more cell phones in Europe than in the U.S. is because they have to pay metered local service for their land line phone service. They still pay a couple pennies every minute segment or however they meter it, which we don't have to do here. The local -- their land line telephone service is of what we would consider a poor quality, incomplete compared to what we're used to in the United States. We just have this great local phone service that we've been building on for 120 years, and that really doesn't exist anywhere else in the world, so that's why other countries have greater penetration rates than we do. And they assert that they have a lead, but in fact the whole reason why we're here is because mobile data is now possible, and the technology that everybody is going to use for mobile data is CDMA, which is a technology that was developed here in America, and it was developed here in America because we had an open standards process. We didn't have the government mandate saying we can only use one wireless standard, and it gave entrepreneurs the incentive and opportunity to go and develop a better mousetrap, which they've done, and in fact in GSM land in Europe, they've already by government fiat decided they will at some point in the future stop using GSM and will use this American invention CDMA, which would not have been invented in Europe because by government fiat they said everyone will use GSM. And I think we'll see that kind of centralized Soviet planning, thinking, resolve and become less prominent as we move further into the 21st century, so thank you.
MR. FORBES: Art Hurtado is chairman, CEO and cofounder of Invertix Corporation. His presentation is going to be a little bit different from the two you've just seen. Basically what Mr. Hurtado will be talking about is Invertix's plans for serving as a location information gateway.
Among the things that he'll discuss are what his business model will be, who will have access to consumer's location information and on what terms. Mr. Hurtado?
MR. HURTADO: Thank you. I just read on my cellular device that the Supreme Court is about to announce a decision soon. Everybody is waiting, but it hasn't come out, and the Florida Senate is supposed to -- or the Florida Congress is supposed to vote on their electors shortly, so that's the latest news via wireless for those of you who are tracking. Let's get right into this. Let me cut it down to about three or four minutes. Invertix is a B-to-B business company, if you will, and we reside in the wireless Internet space at the technology level between the wireless carrier world and the Internet M commerce world. That gives you a kind of a perspective of where we reside. We launched this year a commercial gateway both as a gateway and a stand alone service that is provided to wireless carriers nationally in Europe and in Asia, and this gateway, as illustrated here, really brings together a wide variety of folks out on the Internet and enterprise side, whether it's instant messaging or unified message, content, wireless, wireless advertising or mobile commerce through a gateway that hooks up to the wireless carrier world. So that brings with it all the interesting issues of where does the data reside, who controls the data, how is it used in the advance of M commerce and how is it used vis-a-vis the desires of the wireless carrier world which obviously has a great deal of concern about how that data gets used. From the architectural perspective, I threw in this chart at the last minute because I did want you to understand that we were at the technology level, but I also wanted you to understand where our privacy resides within the gateway and how we focus on that since the bulk of my presentation is going to be around privacy management.
As you can see on the right-hand side of the inner box is the privacy area of the architecture, and in the lower right-hand side, you see privacy management system that is kind of turned on its side, and that connects through the appropriate APIs out in the M commerce world. That API, that privacy management system is a very powerful component of our architecture and was probably the first component that we architected, was how were we going to interface with the M commerce world. From the very inception of this gateway structure we have focused on privacy and privacy management and the whole permission based concept. On the left-hand side then there are a series of APIs that hook up with various components of the wireless carrier world that also bring with them a whole structure of security. Privacy and security as I said are central to our theme. We do build 100 percent permission based privacy gateway. IM Anywhere brings together location, availability, that's on or off presence for buddy listing, for instant messaging which we believe is the real next killer app followed by the others that have been discussed, and that's because of the European and Japanese experiences that we have seen. The permissions and preferences then are supplied by the carrier in conjunction or in cooperation, if you will, with the subscriber. For us the subscriber needs to be empowered. They need to have a very powerful experience when they're in this M commerce world. That's very essential if M commerce is going to thrive and really take off as we hope it will do. On the security side then that is replete with non intrusive options, with security, log on, passwords, physical security of the data as well as electronic security of that data. 
The privacy management system for this gateway really provides to the wireless subscriber the ability to control, manage and change and eliminate, delete, if you will, the privacy information or the personal information that establishes their relationship with both the carrier and the M commerce world. For the carrier, we want to protect their ability to private label and to structure and tailor that look and feel that is consistent with their advertising and marketing needs. The same way with the M commerce world, our campaign manager that interfaces with the M commerce world provides their look and feel that they need, but also provides that cut out or that barrier, if you will, to protect the data inside of the gateway from being accessed by the M commerce in an inappropriate manner. The permission based information that is collected and stored is the data that we have been talking about throughout this entire conference. The identity information, the personal information and interests and then the privacy management information which really is the key to how you the subscriber, the user, protects your information. Let's take a look at just four or five window shots, and then we'll be done. The privacy management system begins, as you can see in the upper left-hand corner, there are three little arrows, one called register, one called help and one called the privacy policy, so to begin with you can go in and study through the privacy policy as it pertains to you. Then you're able to configure your device. You get on to the web and you pull this menu down and you go in and you answer things like, May we tell others when your wireless device is on, no, yes, but only to selected companies. May we tell others your location and when your wireless device is located, yes, no, but only to selected companies. 
May we send valid or may we send you messages, I'm having a hard time reading the small print, yes, no, only to selected companies so you get the opportunity to really hone down and refine what it is you want to have made available across the gateway. Then we get into your permissions, whether it pertains to instant messaging, your device status, your device location and the types of messages that you want to receive, the same way with aggregators or with unified messaging, and in the blackout panel, we're able to structure your needs and even tie that to your PDA device. I'm in a meeting between two and four, don't want to be disturbed, don't want to be disturbed at these times of day, or I like to really receive the traffic you want to send me between six and eight in the morning or five and seven in the evening but don't bother me on weekends or do bother me on weekends. And the interesting thing about this is as we've gone to focus groups, we have found that there is a price and there is an interest for every individual and a focus group, and it will surprise you what many of those interests are, for example, let me know what the latest tee time is down at my favorite golf course. Something will drive some people wild and has no interest to others. So my point is that there's a great opportunity in cooperation between the subscriber, the wireless carrier, the gateways, the M commerce world to create fabulous opportunities for M commerce that could revolutionize how we do business in the future. Again interest can be selected in a very refined drill down method, and then finally once that's all set up, then the simple ability to change on the fly from your web phone or any data text message phone is made available, and these are actual screens off of phones that we have captured here. If we had some time we would go into them in some depth, but simply you can go in and log in. You have to use a password. You can change your password on the fly. 
You can decide that you want to change your permissions right on the fly for 15 minutes and change them back again in 15 minutes. It's totally within the empowerment sphere, if you will, of the individual subscriber. CTIA published on the 22nd of November in a news release their CTIA privacy principles that are shown on the left-hand side, four major principles, not heard any discussion about those in the conference so far, but I think they bear some discussion. Let me simply say that on the left-hand side they speak to, How do you inform the customer and how do you collect and use the data, how do you give consent, how does a customer give consent in a meaningful manner, and the fact that it should happen before use and the security, integrity of the data and the uniform rules that should go along with that. And what we've shown on the right-hand side is kind of a report card for IM Anywhere to show that as you go down the list we have based ours in close compliance with privacy issues as we possibly can and certainly with the other regulations that are out there and being thought of. Thank you.
MR. FORBES: We're going to have time for just one question at this point. In preparing for this panel, I came across a site by a provider of wireless location services, and I'll just read a quote from it. It says they maintain a location database. The location cache keeps a best known database for all subscribers, time stamp, latitude, longitude, confidence and source. And reading that I wasn't clear whether the information that was being talked about was being stored on the client's side on the device itself, kind of like a browser cache or maybe on a server side somewhere or both, and my question to the panel is: Where is the location based information located, and how long is it stored, and following from that, who owns the location of the subscriber? Is it the subscriber, the provider and how does that play into the control of data? Michael?
MR. AMAROSA: Let me take the opportunity of trying to respond to that. I think as you can see the information on location basically is stored with the application provider at that point. Based upon the profile information that I would have provided, based upon my preferences that information would be stored there. Who owns that data? I don't think that's really clear at this point. I think there's a lot of it, and myself as a subscriber, that I have access and control over that data, what is provided as Art was talking about, and you can change things and create different types of scenarios based upon preferences, and based upon preferences of the hour of the day so to speak. There's been a lot of talk that the carriers own the location part of the data and what's coming over their network. I think these are things still open to discussion at this point.
MR. NEIHARDT: On our system, within the phone itself there will be a record of the last couple calls you made. I think the current listing, depending on which chip we're talking about, is 10 or maybe 20, and those locations could -- for those 20 calls if those 20 calls included a location could be stored, but it would be -- in our case would reside on the handset. Now, when you go into part of the scenario that you outlined where you were actually using a third party, then you open up a whole can of worms, as the information leaves the control of not only the handset and the hand of the user but also the wireless operator and crosses that bridge to the third party. Then you have a whole other set of concerns that lie on top of that, but for our piece I can say it would have the last couple locations stored right here on the handset, and then as you kept calling, it would eventually fall off the register.
MR. HURTADO: That's a really important question for this entire value chain from the subscriber to the M commerce world, and without getting into the legal answer of that, which I don't think any of us would purport to be qualified to speak to, keeping it in terms of where does it reside and how do you manage it, from the IM Anywhere perspective, obviously it resides in the gateway. But in terms of the ownership, the nonlegal ownership, certainly the data that we derive comes either from the subscriber or from the carrier or both, and so the carrier has the unique responsibility as to how they manage that, and that gets back to some of the issues raised yesterday concerning the walled gardens and the walled prisons. Carriers recognize today that they have a very large responsibility to manage that data in a very effective manner with all the privacy issues that are intact. Having said that, they also have a tremendous opportunity to monetize that data, and that's the issue. That's what this is all about, how do you monetize that data. Corresponding to the location data is the presence of information, that is, that you're on or off the net, that your buddy list is appearing as an instant message as an example, and third is the subscriber profile interest, the fact that one of us may want to have our interest known so that we can receive personalized, localized, customized kinds of information. From the gateway perspective, we believe that we're kind of in the lend/lease basis. We are lend/leasing, if you will, access to that data from the carrier world or from the location provider world such as True Position or whoever that might be or from the handset vendor.
As we move that data to the M commerce side, then what we have to make certain is that the M commerce side does not come up with the same level of access that the carrier had, and that's the break out or the go between, if you will, the role that the gateways are going to play in the future and it's a very important question and it's one that is going to require a lot of working through very carefully.
MR. FORBES: Thank you. Thank you all. I would like to thank our panelists for a great presentation. Our panelists' Power Points are available or will be available on the tables outside. Thanks. Our next presentation will be headed by Anne Maher.
(Pause in the proceedings.)
PANEL ON LOCATION-BASED SERVICES AND ADVERTISING: POSSIBILITIES AND PRIVACY CONCERNS
PANEL MEMBERS:
ANNE MAHER, FTC, MODERATOR
JOSEPH ASSENZO
EVAN HENDRICKS
JOHN POLLARD
STEVE STUTMAN
MARCI WEISLER
REUVEN CARLYLE
MS. MAHER: Hi. Welcome to our last panel before our lunch. My name is Anne Maher. I'm the assistant director for the division of advertising practices. Throughout the morning the panelists and presenters have talked about the feature of wireless communication, which is really different -- which is really different from any other media that we have experienced, and that is location information. In this discussion we're going to pinpoint, to use the lingo, the types of consumer applications that the availability of location information may generate and what the benefits and the drawbacks are of such location information to consumers. Our goal is to help put consumers in the position to understand for themselves whether location based applications will be useful to them and whether they will pose -- and whether location applications will be useful to them or whether they will pose threats to their privacy and security. And to discuss this issue, we are fortunate to have a really good panel here.
Joseph Assenzo is an attorney from Sprint which offers wireless web services, including a wireless web browser that allows subscribers to access specially designed web sites and also for mobile users that GPS enabled phones soon to come out. Evan Hendricks, the publisher and editor of Privacy Times, which is a Washington based newsletter about information, covers the information world. John Pollard, the director of business travel and mobile services at Expedia.com, which currently offers Expedia To Go, a service that allows you to access travel information on the web and on cell phones and PDAs. Marci Weisler who is vice president of business development at Vindigo who has developed a personal navigation tool that delivers location specific content to PDAs. Steve Stutman, I should say actually Reuven is there now, Reuven Carlyle, VP for strategy planning at XY Point Corp., which is the provider of wireless location services, and Steve Stutman, who is the president and chief executive officer of ClickaDeal.com who just informed me that he was in traffic for an hour and a half, and I apologize for the mess that our city is in right now.
MR. STUTMAN: I'm sure it's your responsibility.
MS. MAHER: Absolutely. Each of these individuals and companies is affiliated with, is grappling with issues relating to how and whether to deploy location services and advertising consistent with their consumer relationship goals, and short bios of each of the panelists are in your folders. And before I pose the first question, I want to remind everyone that we will have questions and answers in the last 20 minutes, and so people who are in the overflow room can come up to the hallway here, and we'll have people with microphones to help them ask questions. So I think I'll begin now. I'll start with John, as a representative of Expedia.com, a company that's been putting a lot of money and effort into developing wireless -- applications for wireless services.
What do you see as the so-called killer apps that we've been hearing so much about over the last couple of days, and that will use location information to enable M commerce and mobile advertising to work for companies and for consumers?
MR. POLLARD: Well, I might disagree with the amount of money or the allegation that a lot of money is being spent. We could use more. These killer applications in the short term and in the long term, I think that all of us have imagined the commerce scenarios enabled by location based information, but I think that is a little ways off. We have a lot of things to sort out as these two days are making quite clear. I'm going to talk about what I do and what my team does because I think it's a killer application right now, and to the degree that a user allows information to have value added to it by location based information, what we do at Expedia, it just gets richer and richer. It becomes more and more value added. Expedia To Go is really a set of services that reach from everything from base line things like, I'm stuck in O'Hare during a snowstorm and want to know what flights are going when, what alternative schedules are, what alternative hotels, things like that, basic, basic, base line travel information that you would expect from any travel agent, but Expedia To Go has a broader vision than that. It's really about supporting the traveler when they're in the field. We realized a couple years ago that mobile scenarios are sort of by definition travel scenarios. There's a huge overlay of our customer base at Expedia with people who use mobile devices, whether phones or PDAs, and what these people need when they're on location is a great deal of the information that we actually provide on Expedia.com itself, the wired line version. The difference is that the information on the wired line version isn't very relevant when a person is stuck in a traffic jam in New York City, say. That's why mobile devices are so great.
They enable us to extend the Expedia experience into the field, into the entire trip, and that goes from again flight information, to hotel information, things like that, but also that information that a traveler might not know such as where a restaurant is, where a great restaurant is that's near my hotel that is suitable for a business meeting say. And you can extend that idea into a lot of things in the travel industry which is an industry actually almost uniquely that has a lot of fixed costs, that suppliers are constantly trying to monetize in the best way possible, things like hotel rooms that where the marginal cost of someone staying there is about $10. It's really about cleaning that room, and wouldn't it be interesting when you travel to New York City or New York happens to be on your itinerary and your swing to the East Coast where two days before you get to New York, a hotel says, Hey, you know, I've got a room and you're not staying here, and I'll offer you this great room for X amount of money. Now, of course the opportunities for abuse are there, and at Expedia, we take this very, very seriously, and so I'll just plug our privacy policy right up front here.
MS. MAHER: Let's leave privacy to later because I want to talk first about what the applications are that are out there and also what's useful to consumers. I thought, Marci, from Vindigo's point of view, could you add to that? What do you see as the applications that are available now and that will be available and will really spark consumer's interest?
MRS. WEISLER: Sure. What Vindigo does is we provide a platform for the delivery of location based information to hand held devices. We work with leading publishers ranging from the New York Times to Zagat's to the industry one companies and deliver city specific information in a way that makes it very easy for the consumer to navigate. And by location based services, we're not necessarily focused on auto location and knowing where you are at.
It's about putting in a location about either where you are or where you want to be and finding out what's in the world around you at that location. I think a lot of people in the industry have put a lot of emphasis on the auto location feature, but it's not necessarily always about where you are. A lot of times it's about where you're going, so if you are going -- you work in Midtown but you're going downtown to find a restaurant, you can plug in a location and get the nearest Italian restaurant to your destination. You can also going forward get coupons and special offers as John was saying that are relevant to the types of information you're looking for and the location, so we help you find that today on a Palm, into next year on all different types of mobile devices both unconnected as a Palm client side application and in the wireless world.
MS. MAHER: Joe, did you want to add to that, and please just lift your cards put them up vertically if you want to speak. Joe, would you like to add to that?
MR. ASSENZO: If Steve had accessed our wireless web, he could have found out about traffic delays because that information is -- that type of information is already on there. There are a number of applications that already make use of a customer's location. These are applications also where a customer actually has to key in an address or location or Zip Code so, for example, we also offer a service on our wireless web if you want to locate ATMs in your area, it will tell you how to get to them and how close they are. All of these applications right now require a customer to key in that information, and I think those types of applications, personal navigation, is something that would be almost immediately available and we think accepted.
MS. MAHER: Steve?
MR. STUTMAN: The comments I would make, I've been doing wireless apps for 14 years so my perspective on these things is a little bit different, and insofar as we're a business that has to live by profit and is not backed up by 200 megaworth of venture funding so we can go buy lobster for lunch, the fact is that we look very simply at where is the money. And I think a lot of the applications that are discussed are very good, for example, the comments about incremental costs of hotel rooms. You don't sell them, they're burnt. You can't get them back in terms of inventory. On the other hand, we question whether once they go after the mass market or the premium market, and I think a lot of the people who are in this market tend to be sophisticated, high end business travelers, and a lot of the apps that they come up with are aimed at themselves. And I think that where you really want to go is after the other arguably 98 percent of consumers who being Americans go shopping in their cars, unless their area code is 212. So what we're doing at ClickaDeal is basically trying to go after the mass market, coupon guided M commerce opportunity. With respect to the earlier comment -- by the way ClickaDeal also thinks handsets are getting boring, not to offend any manufacturers in the audience, but whether your PDA is your phone or your phone is your PDA, pardon me, who cares. Your phone is an RF modem and come Bluetooth come 802.11, come whatever, your phone will RF enable your PDA, your laptop, your visor in your glasses, whatever you happen to be wearing. So as you go forward with this, what we've started to do in the last roughly four or five months is concentrate on the automobile cockpit for the North American market because we think that when Americans go out to do commerce that has immediacy, they're either in their car or just got out of their car or they're going towards their car.
Once in your car, you have a display bandwidth, you have terminal bandwidth and without going into details you have channel bandwidth that you probably don't have on a handset. The things -- I'm sorry, you said to hold privacy until later?
MS. MAHER: Yes, I thought -- I know we have a lot to discuss.
MR. STUTMAN: So that's what we're doing. Initially, about a year and a half ago, a year and three quarters ago we had a location based directory that ran on a handset, put in a city name, put in a zip code. You might know it if you're going to visit someone in a given town. You might have his or her Zip Code because you have their business card. It would come up with some restaurants. It would come up with some gas stations, some motels, the usual sort of stuff. Obviously you're dependent on your database and the quality of your database in order for that to be good. Initially we thought, as everybody else does or has thought, Gee, we'll go to Holiday Inn and Dominos and whatever, all the rent a car guys that will put their information in, but even if you get all of those people, and we have not, the fact is that you still I contend don't really have a rich enough database to be truly useful. So I think one of the big questions that we all face is, how rich, how detailed, how granular is your database before any of the stuff becomes real hard core real, generates money. That said, I think I'll hold off until we get to the privacy issues because I have some specific comments then.
MS. MAHER: Please everyone speak into the microphones so the overflow room can hear. Reuven?
MR. CARLYLE: I think there's one thing we haven't touched on, and that's the enterprise market.
The discussion today has been driven by the consumer market, and a big driver of that is travel, of course, the premium services around travel and where is the nearest I think in a voice environment, so where is the nearest ATM or in data environment, so where is the nearest ATM, where's the nearest -- so electronic yellow pages types of idea from your current location from a consumer point of view. From an enterprise point of view is, what we have is a lot of market demand from large companies to provide location based services for their mobile work force, so as well as getting into supporting some of the comments that Art made about the presence and the privacy and the location together, so knowing whether the phone is on or off, those kinds of functionalities in an enterprise environment are also I think from an application point of view what are going to drive the marketplace.
MS. MAHER: I see. With regard to the location information, what do you think? Do you think it's necessary to make wireless work just because the technology is going to develop for the emergency 911 purposes? Does it -- does it make sense for the wireless business to have to use it, or can they use broader, more general location information? Do they really need to pinpoint specific information for it to work?
MR. CARLYLE: I can take a shot at that. The whole issue of what was discussed this morning of the difference between proximity location, which is cell site or cell sector based location and precise location, knowing the actual X and Y coordinates of a user, is extraordinarily important with respect to looking at applications as well as the development of the marketplace. A lot of studies from Forrester and others say that anywhere from 30 to 50 to 80 percent of applications will be viable just knowing the proximity of a user. Of course in New York City the proximity of a user is down to a couple blocks because there are so many cell sites on each corner practically.
In a rural environment, the opposite extreme. It's up to 30 miles, and it's pretty useless in terms of location information. Now, which applications are viable with proximity? Tough to know. A lot of experimentation currently underway with that. Precise location is better. I think none of us here can pretend there's going to be any kind of ubiquity in precise location in the next very large number of years, given not only the technical issues, but also the fact that the backbone in this country is currently being driven more by the 911 issue than it is the commercial issue, which is a catch 22 and I think unfortunate by a lot of standards. So you have a regulatory issue that is driving the wireless carriers under this obligation to move forward with the development of the technology, and then you have the commercial opportunity and the revenue opportunity that is driving it in other parts of the world, except at the same time you have U.S. carriers which are very much interested in trying to design applications that are going to pay for this regulatory obligation. So it is a catch 22 you have both those commercial and the regulatory obligation moving the technology forward, but I think as this forum has indicated, the real particular issues right now are the policy and the political issues that are having a substantive barrier in many ways toward the effective roll out of the services. And I think in many ways it's just very important to put on the table, and I think CTIA has made a real effort on the self regulatory side to step up to the plate and to provide some context for the development of these services, and I think it's a really, really critical realization that that is imperative before you're going to see really widespread technical roll out of services.
MS. MAHER: Joe, did you want to add to that?
MR. POLLARD: John.
MS. MAHER: I'm sorry.
MR. POLLARD: Not to be a Luddite, I'm also a technology optimist in a big way.
I think location based information is nice to have for some applications. At Expedia, we're a unique proposition, and we happen to know what airport you're flying to, what hotel you're staying at, things like that, and those entities are all geo coded on Expedia, and they have been for four years. We're in a unique position to deliver value based on your itinerary, but I also think for many Americans there's something you could do very simply called land marking. In conjunction with a web site, if you're in a small town or a medium size town or what have you, you can simply say, Here are the various places I tend to go, and reality is for many Americans, that's not a very complex or long list of places to go. And based on that, location information or deals and information can be given to the user. In other words, they don't need super specific within 50 meters kind of information. I know the five shopping malls that someone goes and shops at. Here's downtown. Here's the airport. Here are the places that constitute the 90 percent of places that I go to in my life. Land marking is a very simple way of doing it. I think location based services are going to be there so we will use them when it's available, but it's not absolutely necessary.
MS. MAHER: Joe?
MR. ASSENZO: That's true. That is one way that you could get location information without actually knowing a person's point location.
MS. MAHER: Could you talk into the microphone?
MR. ASSENZO: We don't intend to pay for our E911 mandate through advertising. That's not the pressure that we're feeling. We will probably attempt to recover that E911 mandate through a surcharge to our end users. We will, however, be proactively entering the advertising space, and the pressure there is the pressure on our content partners to try to monetize their presence on the web because right now all of the services that they are providing are free of charge, and so they are feeling heavy pressure to monetize their presence.
Advertisers are ready to go, and if we want our content partners to stick around, we're going to have to be able to meet that demand, but we're going to have to do that in a way that does not antagonize our customers. Our business is not advertising, and advertising should be something which adds value to our customers. We don't want advertising to be just another thing that promotes churn.
MS. MAHER: Evan?
MR. HENDRICKS: Just to answer that question, in the short run I think a lot of the M commerce applications are without location capability. They're based on the profiles provided by the participants. If you look at the Sky Go test, if you look at the Media Tube test over in Europe. Basically it's people signing up and saying, This is what I do. And there is a lot of advertising you can do to wireless devices that doesn't have to be location sensitive or at least the functionality of the device, but I think that -- I think it's good that we're dealing with that because there will be location functionality, and so I think it's inevitable that that will become widespread and something that we'll have to deal with that becomes an issue.
MS. MAHER: Steve?
MR. STUTMAN: I think from a standpoint of serving ads to be concrete, obviously there's push and there's pull, and those are two fairly different scenarios with respect to what can be done as a function of profile. Having said profile, another thing I would say is that there are static aspects of this which is to say user profile, user preferences, the sort of land marking that was discussed, which I would sort of roll into the profile, and then there's a dynamic content, and the dynamic content can be vendor pricing. It can be delays at O'Hare, can be a lot of different things, but as soon as you've said that, the question is how are you building a history.
And if you have -- static information by definition is sort of a fixed history, if you will, but I think what we're really going to need to discuss as we do get into the privacy issues is how you keep track of the stuff that is dynamic. It's one thing to say, gee, are you -- is the base station firewalled enough, is the server firewalled enough so that some kid in Moscow can't find out where you've been in the last 24 hours or what the last 32 videos you purchased were or what the last 15 deals that you responded to were or ads that you responded to. And it's another thing to say, Can someone go in and find your preferences, and I think that that's really what comes out of a lot of this discussion because the rest of it, I mean in a perfect world, you open up some device, you open up your Palm 26, and it's got -- it's got a T3 being served to it via RF, and it has a little tiny screen that looks really big and it only weighs a half an ounce. Having said that, that's a desktop experience you carry with you, and I only say that because I think it's almost important to look at what desktop commerce experiences are in terms of user preference and profile and then sort of project that into the M commerce space through the various sort of models that have been discussed here in the last few minutes.
MS. MAHER: I think that actually is a good segue into the privacy issue since we've all been talking around the edges of it, and especially as we move into talking about profiling, and what are the issues raised by the location based information? Are the scenarios that we've all heard about, about mobile dating services being used by stalkers and car location systems being used by divorce lawyers and on the advertising side with respect to that Walt Mossberg raised yesterday of people being constantly annoyed by promotions coming up on their cell phones and being run up with annoying ads? What are the implications of these concerns? Are they real?
Are the privacy concerns that we have in the regular traditional online world going to be enhanced in the wireless world?
MR. HENDRICKS: Yeah, I think they're huge, and we've seen how privacy has had an impact on E commerce's development and acceptance by consumers. The failure to adequately deal with privacy has hurt E commerce. Then you open up wireless, which deals with location tracking potential, and that's ongoing surveillance, and if you also think the car is one of the last refuges of privacy in the United States and a sacred cow in America, it doesn't take too much thinking to realize that this is going to spark huge privacy concerns. And it's not just the location based tracking. It's the accumulation of personal details and the profiles that are dynamic that show where you're going, and that information can be stored by a third-party, and unless it's a carrier covered by the law described by the FCC official, that might not be protected by law, and then if you throw in advertising -- unwanted advertising on cell phones, you see that the whole wireless experience brings all the huge privacy concerns together, surveillance, SPAM, profiling and brings them together under one issue. Now, one of the things that I've learned going through the FTC seminars is listening to Chairman Pitofsky for instance talk about how E commerce is a pro consumer medium that gives consumers more choices to do more things at more times of day and gives them better prices, and that's true, and I think that is also true for M commerce. This has a potential to be a fantastically pro consumer medium, which I agree could transform how we do business in some of our commercial experiences and expectations, and we've seen, there's a lot of companies doing a lot of great work on it. But unless privacy is gotten right here, and I mean talk to them about them head to toe and comprehensively, a lot of the killer apps that you're hearing about will be dead on arrival.
MS. MAHER: Marci, do you have anything to add to that?
MS. WEISLER: Yes, as I think was said on the panel earlier this morning, in the mobile world you're carrying a personal device with you, and that's open to a lot more privacy abuses than when you're sitting at your desktop. You don't carry your computer with you, and there are ways to get good, personalized experience in an anonymous way that take advantage of general user profiles and general location that may not necessarily invade your privacy but can deliver a good consumer experience because I think ultimately it's the good consumer experience that's going to drive the wireless medium forward.
MR. CARLYLE: I think we're all here because we recognize that there are extraordinary opportunities for abuse, and as in any sub culture, in any organization, in any industry, there are rogue elements, and I think there's a very real concern about the fringe elements in terms of those folks who would make a real attempt to abuse what this technology can enable. From a technological point of view, I think we all have to readily acknowledge that it is possible to at some point and to varying degrees of accuracy, but it is possible to essentially track a caller. It is possible to aggregate the data. All of those worst case scenarios, it is not a technical issue, it is a policy and it is a political issue, and it is right that we have to get it right from an industry point of view. And there's no evidence to suggest that we can't do it right at this point. It's just that the implications of doing it wrong are so serious that we have to have a real dialogue as an industry and as a public issue about getting it right.
The other thing that's important is to recognize that the regulatory issue of the 911 issue as a driver of the technology to date does -- the law that was passed a couple years ago, as it was discussed earlier, does provide for location information in a general sense to be categorized as consumer information, CPNI, and that fact does set the stage for core protections of that data. That's not to say that there aren't elements in the industry that take a very extreme view that they feel like a customer's location or the aggregated location of where a customer has been should be available to the general populace, if you will, or to those that have the technology to capture that location outside of the wireless carrier network. That is a minority view. It is a very extreme view. Very few people hold that view, but there are companies that are real, that exist that hold that view as organizations, and we have to acknowledge that and put that on the table. It is absolutely the minority view. At the same time, though, the core driver of the industry has been the carrier's desire to explore the revenue opportunities, the carrier's desire to meet their regulatory obligations under e-911, and the fact is that the applications we talk about today and in the whole discussion, no one knows which one is going to be the driver or killer of the market, but a handful of them together are going to drive the marketplace, and they are going to be in the marketplace that add value to consumers. And it is a very pro consumer opportunity for services, but that's what getting it right is all about.
MS. MAHER: And it seems from this morning's discussion also that where that information is stored, where the location based information is stored is also -- will also have an impact on how that information is treated, whether it's stored at the carrier, whether it's stored on a handset. Do any of you have anything to add to that?
MR. ASSENZO: I think that really is important.
It does have to be a good consumer experience, so whenever we disclose -- if there is going to be any disclosure of information location, it will always be permission based, and the receipt of advertising will always be permission based. We will establish business rules which our customers can invoke similar to what you saw Invertix demonstrate. But there is a real concern about where the location information will be transmitted from, and this was recently brought up at the WAP forum last week. I don't know if it was resolved. I doubt that it was resolved, but as we understood the proposition by certain handset manufacturers, the location information would be transmitted from the handset, and we are strongly opposed to that. We believe that the information should be transmitted from the network, and the business rules established in the network because our network is highly secure, it's protected by firewalls and all other types of security devices. A handset in contrast is at best a very simple computer, and it will be a lot harder to protect a handset from being hacked into by an unwanted third-party application than it will be, for our network, to be hacked into.
MS. MAHER: Steve.
MR. STUTMAN: One of the things I think goes to the SPAM or the annoyance factor is that your mobile device is much more a center of attention while you are mobile arguably than your desktop is when you're fixed. When your desktop is up, there's a bunch of other things going on. You're sitting down. If it doesn't work right or if you don't quite like something, you go to another site, and your brain goes elsewhere for 20 or 30 seconds. But if you're really paying attention to your handset and you're trying to look at this screen and you're getting a bunch of annoying messages, it really tends to, what's the polite term, irritate people, so I almost misspoke and I had to remember what town I was in.
But that said, when you come to pull, and although I'm sure I can get a lot of contention from some people on this panel, we don't have a lot of two way apps yet running on phones because network penetration and coverage are not what you would like, and without going back to the QUALCOMM gentleman's discussion earlier, things in Europe and places like South Africa, believe it or not, are much, much better than they are in the U.S., whether it's Soviet thinking or martian thinking. And we're Americans. We're hip shooters. We have six or eight technologies deployed as they say, and it shows from a standpoint of network cohesion. That said, when you come back to the privacy issues, and I come back to is it static information or is it dynamic information, what we do at ClickaDeal on our terms of services is very clear. First of all, we say to the customer, Look, we're not going to tell anybody anything about you because we don't know who you are. We know your phone number because we need your phone number as a means of sending information to you, okay, or your pin or your cap code, whatever the wireless device might require, but we do not know that your name is Smith or Jones or Horowitz, okay? So first of all, even if the information was gotten in a worst case, somebody would be able to bother you over your telephone because they could call you or send you other annoying information, but arguably they wouldn't necessarily know who you were unless they had hacked the network provider and know that phone number thus and such is really John Doe. That said, I think it's generally important to focus on what kind of histories are kept, okay? We right now are thinking about basically cleansing our positioning logs every hour. That is, we'll know where you were in the last hour because that might be useful in helping you plot a traffic route or, you know, something that was earlier alluded to. 
But you know something, we're really not going to know where you were the previous week or two weeks or months because we're just going to get it out of there. It's also the case that -- I'm sorry if I said this, I don't know if I said this earlier or not, but again our terms of service say unless you have a court order we're not going to tell anybody anything, and we happen to have a very good CTO, and he understands firewalls, and basically you would have to hack us badly in order to get this information but you would then need the phone number to user correspondence to determine who the individuals were. But I would like to see perhaps some comments on people talking about histories that are kept in terms of preference, in terms of behaviors once those static preferences are set. But one last comment I would like to make on this issue is that from rather extensive experience with real users over the last 14 years, I think it is very, what's a nice word -- it's very optimistic to assume that people are going to read, if you will, all the fine print, whether it's presented on a screen or whether it's in some 12-page contract with respect to what your rights are and aren't and what we're going to do and we're not going to do. I think in order to get things accepted from an M commerce point of view, we need a very simple initial uniform, and I agreed very much with Reuven, I thought he had a very good set of comments, that is, I think we need to have a dialogue to say, Look, we the M commerce crowd, the location sensitive crowd, the advertisers, the carriers, we're going to do this so when you opt-in to this type of service, this is what we're going to do because to assume that the public will go to a screen and say, Well, give me this but not this, if it's Thanksgiving do this, if the Supreme Court is going to make a -- give a decision, do that, it's very doable, and I applaud people who have done it, but I don't think that the public is going to use it.
MS. MAHER: That's very interesting.
MR. HENDRICKS: I think, I'll do it quickly because I know we're trying to move to Q&A, that what's needed here is to protect this medium and to give consumers confidence in this medium if it's going to work because if you don't there won't be any business, and if you look at E commerce they have black eyes from things like Toysmart going bankrupt and selling data that they promised they wouldn't. You have Amazon.com changing their privacy policy. You have the data leakages identified by the private -- Richard Smith in the Privacy Foundation. All those things have set a black eye which have not created an environment of consumer confidence. Now here we've gotten off to a terrific start with CTIA and WAA coming forward with principles that are based on informed consent, express authorization beforehand, and so we have a lot of consensus as a starting point which gives us a real advantage in dealing with this. The one concern about informed consent is you don't want informed consent to end up being something the way insurance companies use informed consent so to get this insurance policy you have to consent to everything we want. That's not truly informed consent. You have to look at the language in the medical field, where patients have to give their informed consent before surgery as something that you really appreciate what you're consenting to, but I think you do. You have to simplify this for people, and in doing that I think if you look at CTIA's standards and you supplement them, one of the things you're talking about is the importance of anonymity. If you don't have some of those identifiers, it's just a lot cleaner situation. There's a lot less potential harm. So the standards that I would add to what CTIA has done and what the 1999 law has is have the standard of anonymity. One is, don't use people's identifiers if you don't have to. That will increase the consumers' comfort level.
Have opt-in, informed consent if there's going to be personally identifiable information. Have the default on wireless devices and systems set so there is no tracking and then people have to activate it so there will be tracking. We've heard about that, and that is overridden when you dial 911. Organizations specify the purpose of their collection and how they're going to use it. You have access to your data and collection, adequate security which means you take reasonable steps, administrative, physical, technical, and then you create infrastructure so people can carry out their privacy policy, and you have enforcement. I think I'm trying to summarize many of the principles that have come through the talk so far, and I think we have the potential here since I'm afraid we're going to face a lot of gridlock in Congress and won't get the kind of privacy law that I think we need to address this comprehensively. At least we can keep moving forward to distinguish this medium from the others in having the consumer groups, the industry groups get together and pound out principles such as these that the FTC might be able to encapsulate in some sort of a code, an industry code that would have some enforcement to it.
MS. MAHER: I'm sure we'll be having a lot more discussions about this in the future, and Evan's principles, the principles that Evan just summarized I know he has in a handout that he put out on the table this morning that people can pick up. Now we're going to move to the questions and answers, and we have people with the microphones going around, and please give your name and your organization and spell it too, please.
MR. DANIELS: Seth Daniels, D A N I E L S, Brisbane Management. You know, while I'm attending this conference or workshop, I've kind of picked up on a few things that I think are kind of essential, and I don't know that we're totally addressing them.
The premise of this conversation or this conference has been a regulated industry, that being cellular, and that's pretty much been the focus, and I think in the regulation of cellular, they have the mandate for the location services. There's a whole burgeoning industry which is a wireless ISP that is not used to make phone calls, which is an 802.11 which is a Ricochet that are really outside the scope of this. We're not -- I don't think we have addressed that, and it's kind of interesting, and I may get some -- I may upset some people here, but we're talking about how the experience has to be a trusting experience. But I'm sitting here thinking when I look at the ads for the cellular phone companies, they always say fast mobile Internet access through my cell phone. They never define fast, and I think if the consumers were to understand that we're always talking about less than 19 2, they wouldn't consider it fast. So when we talk about making the consumer aware of what's going on from the M commerce perspective, if we started talking about the speed of the Internet connection, I think we would get one sense of the direction that the consumer would go if they were aware of the fact that there were high speed access to the Internet from other devices that are not cellular phone specific. And I don't think it's intentional on anyone's part, but I just think that it kind of goes to the fact that we're pretty myopic in scope in our direction of our conversation here, and there are a lot of technologies that are not regulated that fall outside of this, and I would like someone to respond.
MS. MAHER: Sure.
MR. ASSENZO: Just to take I think the first part of your comment, there is a concern that there would not be regulatory parity.
There's discussion about the FCC's CPNI rules, but only telecommunication carriers are subject to that, and FCC as you heard earlier today will be opening a docket to determine what is the appropriate form of affirmative consent that a carrier must acquire from a customer before releasing location information. But there are other entities that are not telecommunication providers that are working on and some have already released this technology which can track cellular phones, and they can find out what phone number it is and then have to filter it out. Another concern about having information transmitted from the handset is that that location information be transmitted to someone who has a server who is not a telecommunications carrier, and that server and that company would not be regulated by the Federal Communications Commission. MR. HENDRICKS: Also I think as we're talking about privacy, consumers don't care whether you're covered by the 1999 law or you're Ricochet. They want to know that their privacy is going to be protected and that there's an easy to understand set of rules, so there's a real concern about that. There are these outliers there that won't be covered by this, and if you look at like the TRUSTe example that they said that one web site had a TRUSTe seal, but what they did they did through software registration so it wasn't covered by their seal. This is kind of distinctions consumers don't care about, and that's why I think it's incumbent upon everybody who wants to promote this space to sign up to the most basically strongest pro consumer standards in a way that they're easy to communicate to people and then can say that there's an enforcement mechanism standing behind them. It's the only thing that's going to create the environment that could allow this to take off. MS. MAHER: Steve, do you have something to add? MR. 
STUTMAN: Yeah, although I'm an engineer, I understand that this is basically 30 percent technology and 70 percent sociology, and I think that's real important to keep in mind, and I think the way the public interacts with wireless devices. And information services as a very broad class, including wireless IP as the gentleman alluded to, is probably a lot different than many people who are involved in making those things think, that is to say, people who are actually defining products and even in some cases deploying products arguably in my humble opinion have not perhaps done enough focus to know what the mass market is really aimed at, and I think -- or is interested in. And I'll give a very simple example. There are some carriers, for example, who talk about the wireless Internet in the palm of your hand, on television frequently, and I've had people ask me knowing what I'm doing, How can that be the Internet, it's a little screen and it's not -- is it the Internet? Well, I understand how it is the Internet and what the connectivity issues are, but that's not the way the public perceives it because the Internet to them means arguably AOL or some familiar browser in color, and it does this. Again to the people on this panel and probably to most of the people in this room, you'll pardon me, it's obvious, AFCPS, any fool can plainly see, but the fact is that the way the public uses these things, even an informed public, is probably very differently than we think, and that's why I will come back to there has to be sort of a simple offering. It has to be clearly defined and it has to go out there because I completely agree with the fact that we all want this to go forward. And by having a simpler defined, easier to understand offering I think we're going to get further faster. MS. MAHER: Marci? MS. 
WEISLER: Just to add, I think it's important that whether it's regulated or not, like my company provides an application that doesn't fall under any of this regulation, but it's important to build a backbone of trust with the consumer, and we do that through anonymity and not tracking people on an identifiable basis, but I think ultimately businesses can't survive if they're violating the trust of the consumer, whether or not they're being regulated by the government. MS. MAHER: Another question? MR. CONLEY: My name is Jason Conley with the Intelligent Transportation Society of America, and I would like to bring it back to a point a gentleman raised earlier about the difference between anonymity and personally identifiable information. A number of our member companies are very interested in the use of location data that would not need personally identifiable information attached to it such as State Departments of Transportation or Traffic Station.com, any of these companies that are looking to use aggregate data of anonymous cell phone pings to track traffic information, and the question is have any of the corporate policies of your companies addressed a different standard for anonymous location information versus personally identifiable location information? MS. MAHER: Reuven, do you want to take that? MR. CARLYLE: Xypoint has provided a technology trial with a major wireless carrier that at the request of a municipal transportation department in partnership with them, and that issue was raised directly, and it was very interesting in the sense that what stopped it after a period of time was the carrier's lack of comfort with the policy of essentially doing an anonymous ping occasionally of users. 
And that was at a period of time when the privacy policies simply weren't clear where the carrier was going, so even though this was no aggregation of data, even though there was no identifiable information outside of that, it was just beyond the comfort level of the carrier at that point even though it was at the request of the municipal government. I will suggest though that that tees up the reality that carriers are really just exploring in a very serious level at this point their privacy policies around how they're going to design these issues, and so I think there's an extraordinary sensitivity about violating the trust of users in anything that is even remotely unclear about how it could potentially adversely affect a consumer as simply not being permitted to flourish right now, and that's okay because the implications of the issue are so important. And one other thing I would note real quickly is as a provider of technology we have apparently six million cellular callers that we can track with respect to the 911 mandate on behalf of about 15 wireless carriers, and our contractual obligations to our customer, the wireless carrier, is very clear around our obligations in terms of not providing any kind of open API to any other application provider that would allow them to even test out those services without the express permission of the carrier. So the ownership of the data whether it's anonymous or not anonymous, the ownership of the data is absolutely essential, and Xypoint's position is very clear, it is absolutely unequivocally the carrier's and the consumer's data, and other application providers are not the gate keeper of that data. That doesn't mean applications don't need to have the opportunity to flourish, but it needs to be clear on ownership. MS. MAHER: Joe, did you want to -- MR. ASSENZO: We do not transmit telephone numbers. 
Our subscriber -- all of our subscriber's telephone numbers are encrypted so when someone is surfing the wireless web and they decide to go to Expedia, the information that is transmitted is anonymous, so today our content partners have no idea about the identity of our subscribers, and we certainly keep it that way for location. This is a very interesting advertising space. It's a different advertising space than online retailing. It is an advertising space that drives back to brick and mortar rather than driving online retail, and this goes to the gentleman's point that what our advertise-- what advertisers and content partners are most interested in is transactional -- trying to drive transactions. And so you get sort of creative ideas, how can you use aggregated information to supply information to brick and mortar businesses, so things that have been proposed that you probably read about is providing aggregated information to the Department of Transportation or providing aggregated information to a billboard owner, how effective is my advertising, are people seeing it. MR. HENDRICKS: For E commerce, there are certain lessons we can learn and know what to expect. Example, America Online gets so many subpoenas both from law enforcement and civil attorneys that they had to set up a separate office in the Loudoun County sheriff's office to handle all the subpoena traffic. In other words, collect it and they will come. There are information pros out there, whether they're lawyers or information brokers or private eyes. If they know it's out there, they'll come and get it. The other issue is what was anonymous, DoubleClick used to collect the anonymous profiles, and then their technology allows it so if you actually gave your identity away at the sweepstakes site or some place else that was on their network, then you can be identified throughout their whole network so you have to be careful that anonymous really means pseudonymous and synonymous means pseudonymous. 
The other thing is payments. E commerce had this perception that people were afraid to put their credit card number on the Internet, and to some extent that was irrational. To some extent it wasn't, but the point is that now we're seeing companies like American Express and MBNA and Discover and others are moving into the single use number where they're having technologies where one number is used for each credit card purchase. And so if it's stolen it's worthless, and this is a way of anonymizing data, and what we have are systems for really their open exchange of data, so you have to find ways of anonymizing data within that open exchange, and I think that's why you're going to see a lot of gravitation towards single use numbers, and I expect to see them put on credit cards within a year or two. MS. MAHER: Steve? MR. STUTMAN: I was just going to actually make an entreaty to any lawyers in the room, and there's probably more than one, that I think something that would be very welcome would be some boilerplate that you could append, that one could append to any data of any kind on a site such that if there is a successor company or an interaction with a more powerful company, this is something we're sensitive to being a small company, that basically they can't alter your terms of service. And to be specific I brought up the comment saying that your phone number to us so that we can message you or your personal -- we don't know your name, we don't know where you live, et cetera. Having said that, we do capture some information, okay. I said we cleanse histories because we think they're dangerous to keep, and I'm not sure how profitable they will ultimately be, but with that said, there are still people who will want to come in and in plain terms mess with the data legally, so the question is what boilerplate would one put on top of this data so even if there was -- Anne, you mentioned it yesterday, Toysmart, was that the company? MS. 
MAHER: I think a number of us have mentioned it. MR. STUTMAN: Sorry. Where I guess the company went 11 and they were bought or something, and then the successor went and messed with the data and did things that were, let's just say, not nice, and not in keeping with the original terms of service, so anyway that's just a comment to any lawyers out there and maybe a little niche someone wants to go into. MS. MAHER: John? MR. POLLARD: Anonymity is great. The reality is that I have a lot of customers who through research tell me what they really, really, really want Expedia to do is act and feel a lot like their travel agent which is someone that knows them, knows their credit card, knows their habits, knows their kid's name and things like that, and that's what I'm competing with, and it's really, really tough to do the whole mass customization thing without tracking user data, asking for profile information. Now, Expedia will work without registration. The only time we require registration, that is your name and credit card, is when you actually buy something, but the product works better and better the more information you tell us, and for instance like seat preferences or food preferences on a flight, things like that, and it's a real explicit deal you're making with the customer, that the more information they give you, the more you'll streamline your product. And I think that's absolutely the case with mobile applications given the form factor difficulties. Now, what do you do to combat that? We have -- we're one of I think only two top E commerce sites. We're certainly the only E commerce site in travel in the top ten that has three seals. One is TRUSTe. One is Better Business Bureau and the third one is this Pricewaterhouse attestation that actually says that we're doing what we claim we're doing. That policy is we never sell to anybody. We don't sell your data to anybody. 
Everything is opt-in, and that kind of stuff if it's out there very, very explicit I think customers, especially Americans are pretty comfortable in signing up for that. There are a lot of businesses out there where customers actually want your service to be personalized, and anonymity doesn't get you there. MS. MAHER: I think we have time for one more question? MR. LE MAITRE: Marc Le Maitre again from Nextel. Realizing that I'm probably the only thing standing between this group and lunch, it will be very short, but I think, Reuven, you probably gave us the single biggest ray of hope in this. You talked about the business -- use of this information in the business environment. I think one man's advertising is another man's privacy. There are going to be businesses, and I can envision scenarios where my location and availability or where I am and what I'm doing is going to be very important to businesses, especially as they advertise to each other. I think Nextel has done a good job of showing how B-to-B works in the wireless environment, and I can very readily see this information that we worry about as a privacy issue in the consumer space as actually being very important as an advertising tool for business to business, and the fact that I could if I'm in the building industry and I'm looking for the nearest plumber to solve this problem, the fact that I can go to some place and people actually pay to have their location and their availability advertised to me completely turns the model that we've been describing as a challenge for the consumer market right on its head. And actually I think, Reuven, that's probably having spent 16 years in wireless data the first people to adopt wireless services have been business who get an ROI immediately, and they were certainly the ones that first took out wireless data. MS. MAHER: Anyone want to respond to that? MR. 
CARLYLE: Well, you can think of a hundred examples where it really is a great opportunity in the marketplace, and if you look at plumbing and delivery services and the web -- Home Grocer.Com and all those kind of delivery capabilities, if we can get the privacy issue addressed in the appropriate manner, the ability to go to a terminal at your home if you want to, tap in a phone number from a safety point of view and have that red dot come on with a map of the proximity or the precise location of the user, if that's your spouse, your child, a teenager or somebody you want, again recognizing the opt-in, recognizing the policy implication. But if you realize that businesses can make extraordinary value out of that, and consumers can make extraordinary value out of that, there really is a great opportunity to make something powerful happen in the marketplace, and I think that's why the market is driving this very aggressively forward. MS. MAHER: Thank you. I think we're going to have to wrap it up now. It's unfortunate because I think we could talk a lot longer about all of these issues. I have a couple announcements to make. First, I really want to thank the panel since they are terrific. We're going to have an hour break for lunch now, and then we'll come back to the next round table which is building privacy and security solutions into the technological architecture. If you go out to lunch, there is a list in your packets of restaurants. You can also eat upstairs at the Top of the Trade, the FTC restaurant, and also upstairs we have demos of wireless services and devices upstairs on the 7th floor so everyone can go up and look at those. Please keep your badges too when you leave the building and come back in so you don't have to sign in again. (Whereupon, at 12:30 p.m., a lunch recess was taken.) AFTERNOON SESSION (1:35 p.m.) 
PANEL ON BUILDING PRIVACY AND SECURITY SOLUTIONS INTO THE TECHNOLOGICAL ARCHITECTURE PANEL MEMBERS: ELLEN FINN, FTC, MODERATOR ERIC BERGERON JANELLE W. EDGAR MARC LE MAITRE GREGORY MILLER RICHARD PURCELL RICHARD SMITH SHEKAR RAO MS. FINN: Welcome back. My name is Ellen Finn. I'm an attorney in the Bureau of Consumer Protection at the FTC, and I'll be moderating this panel on building privacy and security solutions into the technological architecture. This morning panelists and presenters explored a variety of privacy and security issues that are raised by emerging wireless technologies and services including issues surrounding location information. In this panel we're going to try to talk about ways that privacy and security solutions can be built into the technological architecture of devices, networks or businesses to try to minimize or eliminate some of the concerns that were raised earlier in this workshop. To discuss these issues, I'm going to give only brief biographies, the written biographies are in your folders, we have Eric Bergeron who is the general manager of Wireless Solutions, ZeroKnowledge Systems which is a leading provider of privacy enabling technology services for consumers and businesses. We have Janelle Edgar who is the director of implementation management for Diversinet, digital certificate software PKI company based in Toronto. Marc Le Maitre is director of technology strategy for Nextel Telecommunications. Greg Miller is the vice president of corporate development and chief privacy officer for MEconomy, an emerging company in the Internet privacy infrastructure sector. Richard Purcell is the director of Microsoft's corporate privacy group. Shekar Rao is included in your addendum. He's with us from Aether Systems. And Richard Smith at the end is chief technology officer for The Privacy Foundation. Detailed bios for all of them are in your program materials, and as I say, Shekar is in the addendum that we handed out. 
As we have done before, I'm going to try to leave 20 minutes for questions and comments from the audience at the end of the panel, so if you are listening in the overflow room, if you would like to ask a question, we ask that you come to the door of room 432 at about 2:25 and we'll have microphones available. Panelists, I'll remind you if you want to answer a particular question or get my attention, you can turn your nameplate on its side or just raise your hand to get my attention. To start with, I wanted to ask whether there are some basic principles of technology and design that we have learned in the wired Internet space that can be applied in the wireless context to increase privacy and security. Maybe Greg, if you want to start us off. MR. MILLER: It sounds like I'm the sacrificial lamb. Good afternoon, and I would like to thank the Commission for pulling this together and allowing us to come here and contribute. I'll try to say something reasonably intelligent. We at MEconomy have actually looked long and hard at this issue, and I think that you're going to find as the hour wears on that this could be one of the most interesting panels. A lot of contentious issues are going to go back and forth with a lot of red herrings and rat holes of technical detail on sufficiency of security and privacy, but I think there's a lot to be talked about, and I think we need to basically pull the covers back and look at reality here. From our perspective, there are five principles that we think are worthy of consideration for privacy and security in the wireless infrastructure, and I'll just run through them real quickly. First the user's direct access device should be the initial source of encryption. We believe it should be performed end to end without untrusted intermediaries. Secondly, we think the end device should be an open platform so users can load and unload their own privacy and security technologies. 
Third all technologies that directly and initially touch consumers' data such as at the point of collection should be available for unfettered public review, in other words, yes, I said it. We support open source initiatives. Fourth, I think consumers might have complete control of information so once again fair information reporting principles we think apply: Notice, consent, access and security, noting that I said consent, not choice. And finally any data collected for a transaction should be decoupled from personally identifiable data and only used for that transaction. We think those should be the five guiding principles from what we've learned in the Internet space. MS. FINN: Is there anyone else who has thoughts on that? Richard Smith? MR. SMITH: One of the things that came out earlier this year was an issue with both Sprint PCS phones as well as AT&T wireless web phones around the use of what's called persistent identifiers. In this case when you browse the web site with the phone, the web browser that was in the phone gave out your phone number to the web site you were going to and in the Internet space this is considered let's say bad form. You wouldn't do this. It's very interesting to watch the reaction among the different players in this because I ended up speaking to press people as well as equipment manufacturers as well as also the wireless carriers, and the web browser company said, Yeah, it's not a great idea, the phone number goes out, but we don't want to upset the wireless companies. They're our customers, and we can't tell them how to do a more secure system or more private system, which I found interesting, and then the wireless companies kind of said back, well, the only place you can go with this phone is some place you subscribe and therefore there's not a privacy problem because they already have that information. And it was interesting, that was not really a true statement because I had set up my own web site to collect phone numbers. 
This was from press people that had these phones, and sure enough, it worked. These phones were not in a walled garden at all. What's interesting to me in this situation is that the wireless web didn't seem to know about what's going on in the regular worldwide web. We invented, or I won't say we, but cookies were invented six or seven years ago to solve this problem, how you deal with identifying people and at the same time giving some level of privacy. So I think there's a lot that can be gained from the Internet here on basic technologies. Part of the problem though is an educational one of getting the people who are building these phones to appreciate some of this, and this goes back to something that Larry Ponemon said this morning, a lot of people within the companies don't understand what they need to do. I believe they're getting more educated. I know that Dan mentioned there was a conference on the issue of privacy, so I think it's beginning to rise on the radar screen. MS. FINN: Thank you. And, Marc, did you have -- I'll remind also all the panelists, try to speak into the mike as much as you can so we're sure the folks in the overflow room can hear. Marc? MR. LEMAITRE: So what do we learn from the web? We learned that this really is an extension of the web experience, although it's got all its own little specialties. I think we've learned that -- I've seen enough rhetoric in the press about how WAP isn't working, and I think that blaming WAP for that experience is like blaming HTML for the fact that you don't like the web page that you visit. It's deflecting the problem. I think we've recognized that there has to be a unique experience in wireless, and probably in order to be able to bring that experience to bear it has to include things like location or state information, where I am and what am I doing in order to be personalized to me. I think we've learned it's not a web browsing experience. 
It's more of a transaction oriented type of environment, but I do think the wireless industry is actually giving something back to the Internet as well because the single largest presence for Smart Cards is currently in the wireless industry, and I think we struggled with the uptake of that particular technology, but if you look at the GSM standards and the future CDMA standards, you see a Smart Card. And I think as we go forward, while Gregory has made a fine point about end to end security, what I encrypt only gets decrypted at the other end. It's a great goal end point, but I think that certainly one of the things we've learned from the web as we've tried to use WAP as a protocol is that it doesn't always work to have this direct -- this content directly delivered to the handset. There has to be some notion of some sort of proxy on the network. The name for a proxy in this case would be an agent and another name for an agent in this respect of privacy would be a trusted agent, so something that's acting on my behalf and identifiable as mine is something that we have learned as we've sort of migrated web standards into the wireless industry. MS. FINN: Richard? MR. PURCELL: We have to be very careful in all of our discussions around this because one of the things that is a logical though irrational outcome to a lot of this is that all of us go back to our company and constituent groups and say, Oh, gosh people are really concerned about our privacy both online and in the wireless space, and they don't want to be creeped out by surveillance, and they want to keep their information secured and private, so start coding. The developers say, Code what? There's no particular vocabulary that we have developed that actually explicitly defines what it is we're requiring here. There's no particular clarity around what it is that privacy is. What is privacy? Is it modesty, a word I can define for you. 
I know it doesn't make much sense to this group or even to this town, or is it beyond modest and is it hiding or is it simple desire to be not recognized or not known. I mean, there's a lot of ways that this can be interpreted, and there has to be some parsing out of this issue very carefully and methodically because you cannot code technology either for privacy purposes or security purposes or for delivering services unless you have an unambiguous purpose first of all. So what we're doing, what we need to define, what we're doing in our company is we're defining the purpose, the common purpose to be achieved here, the principle that that common purpose meets, the policies that support those principles, the processes that are supportive of the policies and of the needs that are expressed, and only then can we get to the technologies, and then looping back there has to be of course a verification process as well. In the technology space, not dissimilar from Greg but we're demanding that there be an authentication method and also that that authentication method be flexible enough to support persona management, who do you want to be for a particular activity, do you want to be anonymous, pseudonymous, do you want to be known? Do you want to be your persona at work or do you want to be your persona at home or do you want to be a different persona? There has to be support for people to be -- the person that they think is contextually appropriate. Authorization, authentication is one thing. I am me. Authorization is an entirely higher order of technology and security requirements that says, Not only am I me, but I have authorization to access certain services, certain -- and authorization goes both ways. It's not just the consumer. It's also the enterprise. Encryption as Greg states is incredibly important, secured transmissions of data which arguably the wireless space will tell you that there is security in those transmissions. 
There are many commenters that will say that that is simply not the case. That has to be straightened out, absolutely unambiguously answered. Secondary preference recognition, in other words, you may have a primary relationship and your preferences may be expressed to in that relationship, but how do you -- how are those transmitted to secondary and tertiary parties and how confident are you in that they will recognize those and manage them appropriately. And finally as we've talked today on and on and on again, what's the user interface, what do you see and how do you control that? We think without a doubt customers expect that they will always want control over their personal data, identity, location, activity, state, presence, all of that stuff, and we need to start demanding a listing of these kinds of requirements because we can't code without them. MS. FINN: Greg, I see you have your tent up, but I would like to try to move us to a question that arises out of something Richard just said. You said there may be some debate about this, whether or not wireless really is secure, and I think since that's our focus here, I would like to ask the question, moving from the broad principles that we may have learned in the wired space, what are some of the concrete things that companies are doing today to build privacy and security in the wireless medium and are the current protections adequate? Janelle, maybe you would like to speak to that. MS. EDGAR: Well, I think that certainly the lessons and the tools that come out of the Internet, like encryption and authentication using public key infrastructure are needing to be leveraged in the wireless environment because of the personal nature of a wireless device and then of course the restricted memory and the bandwidth issues. 
There are greater challenges in implementing the security and of that environment, and that difference, the technology difference where the overhead is just more of an issue, and there are trade-offs there between the higher level of security and the speed and efficiency of your transaction operations, and these are some of the things I don't think consumers even realize they have to deal with those trade-offs and when they are expecting greater security which they need, and you have to have but the technology provider is needed to be conscious of that and provide the tools that will provide as much speed and efficiency as possible. MS. FINN: Greg? MR. MILLER: I think that generally we believe that the protections that are currently being employed are actually an attempt to strike a balance between what I call breakability for government intelligence agencies and sufficient security to thwart the casual intercept, and I think they're reasonably justified by limitations in the technology: Bandwidth, CPU, memory, user interface. Those are really the four corners I think of any technical discussion. We look at what we can do within the wireless space, but I think it's also well settled that academicians have argued that for a variety of the reasons such as the A5 ciphers specified in the GSM consortium are a classical example of this trying to build something that's breakable for government purposes but good enough for most thwarting. The problem is that powerful cryptographic capability is now so widely available in the intelligence world it's actually percolated down to the public and is available in very low cost computing techniques, and inexpensive but powerful hardware. In fact, the types of intrusions that could be performed by relative amateurs are surprising everyone. 
If you thought we had problems with analog phones being hijacked, I can tell you that I've actually witnessed demonstrations at Cal Berkeley where PCS devices that are being marketed by Pac Bell like this and a couple other devices are being also -- basically identity theft is available to them. I think one initiative that's demonstrating these trap doors frankly is WTLS which is wireless implementation of the transport layer security or what we also know in another world as SSL. And I think it's well said in the literature that while in the authentication area there's been some good work using sufficient key lengths such as the elliptic curve digital signature algorithm, the key lengths are not foolproof. Any good authentication algorithm can also be used to encrypt. So take, for example, for those in the technical space the ElGamal encryption variation on Diffie-Hellman. And we don't need to go down that rat hole, but I think the bottom line here is that we need to understand that the WAP forum has arguably introduced several major cryptic vulnerabilities to TLS, and TLS is being -- WTLS is being used widely in the American GSM standard and in telephones, PCS devices that are claiming that they have security with that. So I think that we need to look at the reality here. There are definitely vulnerabilities that are very clear and present. MS. FINN: Eric? MR. BERGERON: I would like to state a different point, which is the difference between security and privacy in the industry at large. There's a large confusion between privacy and security. One is equated for the other and these are very two different topics. Why? Because security is a means to enforce privacy but privacy goes much beyond simple security, so you can have a fully encrypted end to end secure communication channel, but at the other end, your service provider or your portal can track, profile, build a dossier on you and sell it to another party. 
So you can have full security on a channel and have absolutely no privacy so those are two topics that are very different.
MS. FINN: Richard?
MR. PURCELL: It drives me a little crazy when we all know that encryption is widely available. You can -- it's there. Now, anybody in this room, anybody, send me an encrypted E mail and certify that you are the author of that E mail unambiguously. Anybody can do that? Anybody can do that? If you're not in law enforcement it's unlikely that you have the skill set to actually do that on any common platform today. One of the things we've learned in our bringing the Internet to the mass population is that we have lots of theoretical protections for these people that are fundamentally not available to the common person. It just isn't part of a person's every day life to even use PKI, Dan, send me a PKI encrypted sheltered piece of E mail. Can you do that? Well, hell no. I mean, it's outside of our control. Now, the problem is that we have an incredible amount of technology available to us, and that technology is so far in advance of what's available to consumers in every day use to just use it, it's hard enough for most people to send E mail, much less one that is fully encrypted and certified through an authority, very difficult. It's not difficult, it just doesn't happen. It just doesn't happen. I have a guy, a security guy at Microsoft that sends me mail, it's always encrypted and it's always certified, and it says stuff like what are you doing for lunch today? Okay, fine. Nice demonstration that you can do this, but let's -- it's nonsensical that we're applying that kind of technology to those kinds of messages. At the same time I'm sure every one of us gets messages in E mail from our attorneys that says privileged and confidential. It's being passed in clear text -- it may be privileged.
It's not confidential by any means, so what I'm trying to say is one lesson we've learned is we haven't learned much about how to put realistic usable tools into the hands of the consumer.
MS. FINN: Marc, did you want to respond?
MR. LEMAITRE: I wanted to touch on privacy as well and again touch back on the first question about what is what do we learn from the Internet. Danny Weitzner and I spent a considerable amount of time last week in the W3C and WAP forum joint meetings discussing the similarities and differences between the wired line experience on the Internet and the wireless experience on the wireless or whatever other connected device. And I think we came to terms with the fact that though an extension subtlety different, we had to consider the uniqueness and build upon P3P, and I think that message came across loud and clear that are additional components to this architecture that needs to be built. For instance, I know that P3P is a policy based service, and at the moment the web experience that I have visiting a site and now being able to machine read a privacy policy does not require me to read five screens worth of very small print. It's going to be a major aid to my giving informed consent, but that isn't going to be enough it is my belief in the wireless industry because the stakes have got higher. The stakes now are not digital footprints in cyberspace being able to track my click throughs, where did I come from this site. Where did I go from this site. This is now which shop did I visit first, where did I go second and where did I go third. And I'm no expert by any means in contract law but logic says that the next -- the best thing would be a contract.
I look for things that are already out there to see how we can leverage them, and the notion that I can now digitally sign a document and have that passed in law as if I had signed it with ink might be a way of exchanging contracts in the wireless world to gain a greater level of acceptance from the customer. I think that reading a privacy policy on a wireless phone is significantly less compelling than on reading on the PC which wasn't very good in the first place. We need to up the stakes here. I think we need to get to the point whereby we can give -- just as when I shop in a store, I get a digital receipt or get a receipt back from the merchant saying I agree to be bound by the card holders terms and conditions. I don't display those on the wireless phones but what I do is give the receipts that refer back to the original contract. What I think we need is an overarching framework. Now, these things don't appear overnight. My sincere concern, and I don't want to be an alarmist here, is that the carrier's already building this stuff. They've already uncovered location. There's an FCC mandate out there that requires that we provide this infrastructure and no method of cost recovery or very few, so it's going to be compelling on us of trying to find a way to do this. My concern is this thing will start to happen without us. What I'm going to finish is by saying that we are late to the ball. We have no party dress. Now is not the time to go for the first fitting. You have to buy off the peg. Is there anything out there that we can possibly implement, and I take Richard's point, don't just code but we do have a tremendous amount of user requirements and we've spent probably the best part of the time since the beginning of this workshop defining user requirements. I think we do have a fair understanding of how high the stakes are and what it's going to take in order to be able to satisfy our customers.
MS. FINN: I would be curious if you all have views of -- I hear you saying there are technologies that are out there that can improve security at least in theory or at least in the academic literature. There are tools available, but that they are not necessarily widely being implemented and employed. Is that simply a matter of economics or are there other reasons why these technologies are not being widely implemented? Eric?
MR. BERGERON: Well, the first reason is that mobile phones are poor computing devices so far. This is changing very fast, and when the phones become powerful enough to compute easily and perform functions, then you will see more and more the PC paradigm moving to the phone, so you will be seeing applications that you can build yourself. Applications you can already see in Europe today, applications built on smart card use to program stuff or PKI so the more the phone becomes powerful, the more you will see a full array of new applications and new services that will enable security and privacy.
MS. FINN: Janelle?
MS. EDGAR: As those certificates do end up on the devices like a client certificate, digital certificate that can be used for the encryption and for the digital signing, it's going to address a lot of the security concerns, but there are still issues around who is going to issue and validate those, who is going to stand behind the digital certificates that are issued, but I do think that as this industry is maturing and as the business models stabilize, those answers will be addressed.
MS. FINN: Shekar?
MR. RAO: I think I agree with both Eric and Janelle's point. The one thing which will actually help that option is what we're seeing in the PDA rule I think with the open OSSs that Palm has and Microsoft has versus those in the phone world there is going to be a little more time towards an end option toward the encryption models and other things.
I think if one may be able to look at all the applications that I deliver for palm devices, you can see a couple of interesting paradigms emerging. One of them is it's possible or it is necessary with all the limitations that these devices have to have different levels -- to be able to say that certain pieces of information like the one that we just said about let's go for lunch, maybe it's not encrypted so it becomes a much nicer user experience whereas something that's privileged and confidential does have that kind. And some of the applications that are out there from a security encryption viewpoint I guess the next piece that many of us including those at Aether are working on is authentication, how do we get the certifications out for the devices, how do we make sure they're secure and private, how do we make sure that they're one off so they for certain transactions can be changed and have a random nature. So it's happening there. It's happening at a slow pace. And the one thing one should be careful about is just taking the paradigms that are used in the wired world directly into the mobile and the wireless area. There are some lessons that can be learned, but just taking them directly across and trying to put out some heavy processing will cause this whole marketplace to get significantly stymied. I think there is progress is happening, and it could be accelerated, but it needs a lot of different players to step up.
MS. FINN: Eric?
MR. BERGERON: This is a fundamental paradigm of the wireless, E Commerce that the wireless industry being a telecom industry is based on strong authentications. We must authenticate that you're paying your bill that you are who you are in order to process calls, and privacy is based on the contrary of that so how can we build strong authentication and strong privacy at the same time?
This is one challenge we face as an industry, and the second challenge is technology tools must be enabled to give carriers and portals and consumers and ways to feel secure and respect regulations. One example I can give is imagine you're a U.S. executive traveling in Europe. You have a rented phone from the UK where you arrived in the first place. Now you are in Germany, and as a father you feel guilty so you want to buy toys for the kids at the airport, something that most of you I think have experienced before. So you use your web phone in Germany. It's a UK phone to access an E commerce web site and you ask to buy a toy delivered at the door of your home in the U.S., so the phone must comply with the UK data protection act. It must comply with the online children protection act in the UK because it's a toy site. Also it must comply with the privacy directive from the European Union, and lastly the web site sets a cookie on your web browser but in Germany there's a law on cookies that requires express written agreement before you see cookies, so how can you comply with German, European, UK and U.S. multi dimensional regulations? It's a nightmare so we have a multi industry value chain. We enter a multi technology universe, so there must be technological solutions to take care of that. Otherwise the business will not take off.
MS. FINN: Richard Smith?
MR. SMITH: I want to make a quick comment about the security systems. One thing we need to be very careful about, that's something that Richard Purcell has already mentioned here with E mail, but this whole issue of security systems or authentication systems and certificate systems. They all have to be very transparent and intuitive to the users. Otherwise they're just not going to get used and you've wasted all your time and that's what really is Phase II beside just the issues of computing power and a phone is making systems that are easy to understand.
I heard this morning, Lorrie brought up the system where you use a thumbprint and I think that sort of fits into the intuitive system. On the other hand it does raise, as Eric just pointed out, there's a real tension between security and authentication in particular and privacy.
MS. FINN: Richard?
MR. PURCELL: Very quickly, we've been pulling phones up all day today and yesterday, so I won't hold mine up but phones have locks. Every one of them is enabled with a locking mechanism. Anybody using it at all? Yeah. We've talked about what happens if I lose my phone and somebody gets at it. Well, there are locks on them right now to prevent unauthorized access but they are simply not used. There's a reason they're not used. It's because essentially it's a barrier. I've got to punch in four or five numbers before I can punch in the ten numbers that I need in order to punch in my 13 numbers in order to get my account. It's a hassle, so absolutely agreed. There's got to be simple yet secure methods, but we also have a big job just getting the consumer, the marketplace, up to speed with the kinds of technologies that we're making available to them. And as long as we don't do that we then have a marketplace that essentially is being victimized by the technology sector. They have to be equally empowered to be able to use this technology in order to take advantage of and control their own information.
MS. FINN: Greg, did you want to add something?
MR. MILLER: Well, quickly. I think there's another issue. Notwithstanding the various degrees of reliability for biometrics, assuming that a thumb print or whatever would be a nice addition to the telephone it gets back to business propositions too. You add 2 or $300 to the cost of the phone and what have you done to user adoption in this era where user adoption is everything.
Part of the problem is adding security and privacy functionality into this wireless state necessarily means changing everything from the design lines and sort of the look performance and the price performance of the devices. I also want to add too that I think at the risk of sounding like one of those, there are probably these continuing frictions between the interests of government agencies and law enforcement and their ability right now to take advantage of weaknesses and protocols so that they can get their job done, and the interest of consumers in seeing those protocols strengthened and fortified so they can keep their nyms, so I think that's another competing issue that we need to look at.
MS. FINN: Marc?
MR. LEMAITRE: I have one other point I would like to add on the business model side of thing. It's just not the additional cost of the phone that I think is going to be impacted by this privacy. I think a number of panelists have said that really the only way to empower the customer is to put the information back in the customer's control. Now, there's a huge amount of legacy information out there about me and probably everyone in this room, and that's where zealots in this space have taken real serious care about it, so it's a problem of not increasing the bleeding, but essentially when it comes to adding value in the wireless location, wireless state space, that is this personalization for wireless, I think that there's another issue that we have to very carefully consider. And that is that how do we create a mechanism that allows the customer to be empowered with this information, despite the fact that it actually resides in a customer's database at this moment in time, that it is somehow marshaled by the customer. It's owned by the customer, and the big problem there is how do you provide businesses with access to that information under the customer's concern.
What I'm most concerned to make sure is that the wheels of industry are greased as we put the brakes on, that we don't actually stop businesses by over empowering the customers. It's not something I've heard, but if I take back all the information I ever got about myself most of the companies I do business with would die fairly quickly if we all did that. So I'm looking forward to some type of mechanism that allows me to be able to empower the customer but at the same time continue the wheels of industry moving and you put in your crib notes, I would very much like another get together to bring out all the opportunities and options for technology here because some of them, some of the emerging technologies, you put down particularly a product called XNS that has been built specifically on top of P3P to extend its capability for something like a wireless technology might solve these problems. The problem is it lacks the overall governance because I think ultimately the issue is going to be about do I trust this framework. In that respect it's very much like a card holder agreement, the credit card. If I trust that card holder's agreement, the transactions, the contracts that I sign, the receipts that I get from the merchants when I do this ultimately becomes trustworthy. I don't refer back to the card holder's agreement every time because I trust it and as long as the card holder knows I am who I am, and that's the identity management piece, that ultimately that gives everybody a level of trust that there's a level of recourse. I think that's what's missing in all this privacy thing is the recourse issue.
MS. FINN: We've heard a lot about how there are a lot of differing technical standards, particularly in the U.S. Does the wide variety of technologies that are employed in this space itself create security issues? Shekar, maybe would you like to speak to that?
MR. RAO: Yeah, I think that that's definitely a cause of concern by different players in the solution space especially end to end. I think a lot of people are seeing but are not sure what needs to be done. I think one of the points brought up by the panel was the issue of PKI. A lot of people are asking for PKIs but there's no clear understanding of what PKI means, how is it going to be enabled, how is it going to be enforced, who the certificate authority is, how do they get transferred. So there's definitely confusion as to what to implement, and I think as Richard Purcell appropriately pointed out, it's hard to tell the callers to call when at the business side or at the government side there's no idea what is needed to be done. So I think the need for some kind of a framework, some kind of an architecture that says that these are some of the basic standards to enable the E commerce or the M commerce to happen and if these standards are adopted at least the different players, the retailers and the space and the credit card agencies can all say, okay, we subscribe to that and hence you have a certain degree of assurance with the public will become more adopted or more acceptable. I think one of the things I was reading the Forrester report which estimated that as approximately due to this confusion on security and privacy and all the other aspects of this case as much as $5 billion worth of online preventive potential was lost last year, so I think there is definitely some kind of a confusion with the standard. There's some need for some standards body to step up to the plate and say that this is what we think are some minimum standards and if you do this maybe you can reinforce the common person to think that there is something happening there and they only have that to worry about.
MS. FINN: Janelle, did you want to add something?
MS. EDGAR: I wanted to add that certainly the standards for how the security models will end up being framed out and the standards for that, then in speaking just about the challenge of implementing security, implementing PKI as a company, that we do have a product that is working. And these environments with digital certificates on the client side and such, that the challenge is all of the different standards just in the communications industry particularly in the United States and a variety of devices and networks, and all of you are probably familiar with this. But as you're implementing security technology where you have to keep in mind or pour into different OSes and different devices and such, that makes it a lot more difficult and that is a great challenge to us particularly in the United States.
MS. FINN: Does the need to communicate over so many platforms and with so many devices -- not only does it create difficulties but does it create additional costs that may be an impediment to reaching a level of security that you might otherwise implement?
MS. EDGAR: I think it will -- it's going to make it take a little longer to reach the optimal level of security across the board, yes.
MS. FINN: Eric, did you want to speak to this?
MR. BERGERON: I think once again Europe is showing the way. As we speak today there's a new standards subgroup, that's the standard body in Europe, M commerce so they don't waste time. They started the new standards working group such as I think a display on your phone showing that the transaction is secure. So they are standardizing procedures for M commerce instead of waiting for competitive forces to play, they agree to level up the playing field together and then will compete on services, not on technologies, so once again I think that on the technology forefront we are losing ground and in North America as a whole, not just the U.S. but Canada. We have the same strengths and weaknesses as the U.S. on this, so we are losing ground to the Europeans on that because of the lack of standards and we don't know on what to compete. We compete on basic nuts and bolts instead of basic service.
MR. LEMAITRE: It would be a real shame if we didn't learn from the issues that were raised yesterday about the proliferation of wireless standards in North America compared with Europe. There is innovation in this open free framework, but I just don't believe that it's in any of our interests to have a different privacy framework for every wireless carrier in North America. It's not the area I think we should be competing. It's the area we should be cooperating. We should look to differentiate at a different layer.
MR. PURCELL: I agree completely. I don't think the problem is the lack of standards. We got lots of standards. It's like Mark Twain said, Hey, quitting smoking isn't that hard, I've done it lots of times. The problem is that what we have doesn't so much constitute standards as it constitutes competing protocols that are being used in a proprietary way in order to compete in the marketplace. I agree completely with Marc that that's the wrong place to compete. A lot of the standards that we are claiming are actually products, and we have a product orientation to the production of these standards as if when we finish the standard and we bind it and publish it, we're done. It's not done. That's the hard work that has to be done in order to start, and we too often are looking at standard -- standards development as competition in and of itself and as an end product as opposed to creating a beginning point from which we then can launch our competitive efforts in order to attract customers and to attract them by producing secure and private services.
MS. FINN: Are there sort of technologies that may not be here today but that may be coming soon that can enhance privacy?
For example, I think I've spoken, Richard Purcell, with you about and some of you others as well the concept that you can create protections that flow with someone's data so that it is constantly meshed with and embedded with your set of permissions as to who can have it, what they can do with it, where it should go. A lot of concerns we've heard raised as well, I may consent to my carrier having it or to my carrier providing it to this particular service provider, but once they have it how do I know who it's going to, how do I know what they're doing with it? Is there a way technologically to really bind the data to the protections and the permissions I want to have with it?
MR. PURCELL: I would say we don't know if there is yet or not. There are -- there's an interesting circumstance that we face today. Britney Spears music is better protected than your identity because we have -- I'm not sure that she actually writes that stuff, but whoever does, it's difficult to -- it's possible to explore it, it's intriguing to explore the idea that digital rights management approach to protecting the intellectual property rights of digital information could be extended and applied to personal information including identity behavior activities, locations, states, presence, that kind of stuff. It would be a very interesting exercise to get a smart group of people together to start exploring that issue to see if essentially you can wrap around a binary object your data different layers that enforce specific kinds of privacy and security preferences.
MS. FINN: Greg?
MR. MILLER: I was going to add to Richard's comment that there's this old concept in law called covenants that run with the land, and we believe there ought to be covenants that ought to run with the data in much the same way so you might jot that down as a crib note thinking in a paradigm for the lawyers in the room, covenants that run with the data.
Are there things we can do to create -- there was a concept before the lunch break mentioned, the concept of a persistent cookie. I think Mr. Ponemon mentioned it this morning which also as Dr. Lucas sitting in front of me will immediately say, yes, there are all kinds of controversies behind that too. I think everything has controversy around it either way, but the idea of a -- that I have -- let's face it, in the information economy the wealth creating agent today is information, is data. Just as in the industrial age the wealth creating was raw material. Today it's data. The single most valuable data that we have is our personal profile, and we believe that we should be the manager or in the best position to manage that. And so perhaps there is a peer to peer networking concept here that I manage my own profile and I give permission to entities out there, destinations and services to use areas of that data calling to mind ZeroKnowledge's concept of progressive levels of disclosure. So maybe there's a next generation type of certificate calling to Janelle that says, My health care provider gets to see these data elements about me, my financial services provider gets to see these data elements. None of the two shall mix, and that I control that and finally perhaps the ultimate layer to take what has been historically two allergic entities, data miners and the privacy and security, to make them two sides of the single coin by saying perhaps what we do is realize that every consumer in America needs to be a digital economy knowledge worker. And we do that by incentivizing them for giving permission to use their data, so query if that isn't an interesting model of the future.
MS. FINN: Marc.
MR. LEMAITRE: I agree entirely that there must be conditions as you deliver data information to a third party.
I would like to get to the position specifically to deal with location and state where my consumer could pass that information off under terms of the contract that goes something like this. You can keep this information for 15 seconds. During that time you can determine whether there are any location services around me that fit my profile. At the end of that 15 seconds you must guarantee to destroy that data, and by the way you can't share it during that 15 seconds because that gets around the issue of the persistence of this data which I think becomes more destructive or malicious intent as it's built up. The idea that somebody could track where I was last Friday and the Friday before starts to become quite concerning to me, so this notion that the data didn't persist on the other end, although I have some mechanism of pulling it back once I've given it in case I change my mind. Unfortunately people do that. They give out information and then regret it later. That has to be built in at the very core, but I think the initial point is that there has to be a mechanism, and I'm looking at the digital signature laws as a mechanism, I would enforce that. If I get your digital signature on a contract of that magnitude, providing I can enforce that contract in law, then the notion that I could write that contract to suit me, that it's under my terms and conditions I think as a consumer would give me a lot more comfort that that information was not going to be abused.
MS. FINN: Thank you, and the last question as we try to save some time for some questions and comments from the audience is we've been talking about ways that technology may be able to help us address privacy and security issues but what do you all see as the limits of technology in this area? Are there other elements that need to be in place and if so what are some of them that need to surround the technological solutions in order for us to have meaningful and complete and security protections?
Greg, you're making eye contact so I'm going to call on you.
MR. MILLER: No, I was hoping that Marc would say something. He was looking at me.
MR. LEMAITRE: Not me. I'm not touching that.
MR. MILLER: Once again, I started being the sacrificial lamb, perhaps I'll end that way. We think actually that -- I guess the answer to all that is yes. There are at least four things that come to mind from our perspective that represent issues that have to be dealt with in terms of the limitations on the amount of privacy and security protection we can achieve. The first, and I'm sorry, Janelle, to drag you back into this but at the end of the day is key management. People will forget their keys or they'll give them away. That's just the fact of life. People still use Post-it notes for their passwords on their screen. Education, I think unless consumers understand the risks of their personal well-being in an unsecured transaction mechanism such as the ones that are being deployed today in the wireless space, price and style are always going to win out. People aren't going to be willing to pay the extra hundred bucks for the biometric device on their telephone. Regulation, perhaps the scariest word of all. I think what we believe is market forces will be sufficient industry motivators. At least in the perfect world we would like to believe that. I think that's also an important rule partnership or initiative to prudent or regulatory guidelines, and finally incentives. And it comes back to what I was saying a moment ago, our start up is founded on the belief that unless the incentives of the advertisers, marketers and the consumers are aligned these privacy and security concerns will continue. I think the consumers have to be motivated to care about the control they have over their personal information, and advertisers have to be motivated to care about not compromising consumers' personal information, and marketers have to be motivated to gather and not misuse this information.
A system like the one I mentioned a moment ago, creating something that I call an assured privacy layer, an APL, think of it as being sort of the metaphor or the analogy to SSL, the secured socket layer, something called an assured privacy layer. You know when you're in it. You know what the world and the experience is like when you're in it and it's made possible by a trusted party. I think that that layer should reward consumers for authorizing specific uses of their data, giving permission to destinations and other web services to leverage that data on a sliding scale of rewards or incentives and other benefits, and I think that's the way you're going to bring those two together. And I think at the same time we really need to focus on APL, so I think that there's things -- there are limits and those limits really are around key management, education, regulation and what kinds of incentives we put in place to get people engaged.
MS. FINN: Thank you. Is there anyone else that would like to throw other elements into the mix? Richard Smith?
MR. SMITH: Real quickly here. In terms of solving the privacy issue with technology, technology does quite well in a lot of areas, but one area it's going to really fall down on, we've already kind of chatted about that a bit is the whole issue of sharing. Once the data gets off your phone and out there in the world, it can be copied around, and that's the nice thing about computers they're very good about sharing data. Then we get into regulation or contracts as Marc mentioned to have to control it there, but technology can sort of help out there, can remind people if I have an X file with data in, I can include tags that say this shouldn't be shared, so it at least reminds the programmer where they need to be careful. But fundamentally technology is really good about not letting the data get out first, but once it's out, then it's less of a good solution.
MS. FINN: I'm going to stop and invite questions and comments from the audience, and I'll remind the people who are listening in the overflow rooms that if they would like to ask questions they can come to the doorway here at 432 and we have microphones available. So let me recognize first the person who's at the door. If you could please give your name and where you're from.
MS. CUNNINGHAM: C A R A, C U N N I N G H A M, Red Herring. I have a couple related questions. We talked a little bit about Europe. I'm wondering if we can learn anything from Japan since the mobile Internet is so popular over there? What do we know about privacy and security issues and what can we learn about that? Also as the world moves to 3G, albeit kind of slowly over here, is that an opportunity for security and privacy to become universal? And lastly how much will we be held back in the U.S. from the Internet being mobile because of privacy and security? Are we going to be behind the rest of the world forever?
MS. FINN: There's a lot of questions there. Who wants to pick one to start?
MR. BERGERON: Well, if we talk about Europe and Japan, Japan is the showcase of what 3G will look like. They do with 2G with nine points kilobit per second of data which is quite slow. They do amazing services with color and video and stuff, so you see that 3G will be based on location profiling, but especially on commerce. And this is one place where privacy needs to be built in. If you want to look at the future, look at Japan, and look at the revenue base that the individual extracts from those services. It's fantastic, and it's based on transaction -- this is a view of the future transaction based wireless services.
MS. FINN: Shekar.
MR. RAO: I think the one point I would like to answer is the second thing, and this is the topic that both the Richards addressed, the user experience.
With the advent of the 3G networks and their prevalence, their user experience towards a greater degree of security and privacy of the devices will become something that will become acceptable. By that I mean is that you have a high degree of encryption, it won't take you ten minutes to get it when you're paying the bill on your cellular phone, but it may take you the one second or the half second or something. So I think that's one of the real advantages. 3G networks will help some of the technology limitations that we are facing. The 3G networks are implementing high bandwidth solutions. MS. FINN: Greg? MR. MILLER: I'm going to echo Shekar's remarks. I think that's exactly on point. Two other points, one, what can we learn from Japan and Europe? It's a culture experience issue. Let's remember that the mobile web or the mobile Internet experience of Europe is driven by the fact that it takes six months to get a telephone line installed in a typical residence in Italy. Let's look at what's driving the culture, things within Japan that cause technology adoption, and finally I think Walter Mossberg yesterday made some telling remarks about 3G, and I tend to concur with them. I think everything we're hearing we need to factor by an order of magnitude of one or two years. If we think it's going to be next year, wrong, it's here in three years. I don't think 3G is going to nearly fulfill the promise that the hype would have you believe at this point, not that it never will, but we need to sort of think calm blue ocean and take a deep breath before we jump to the next flavor of the month. MS. FINN: Marc? MR. LEMAITRE: I think regardless of whether it's one year or three years away, I think it's undeniable that the panels that we've had this past two days have looked at some whatever in envy of what's going on in Europe and Japan and the perception that they are ahead. 
I worry that in sort of things that are going to drive mobile commerce and things like the location of services, that uncovering this location is going to be so important to us -- us, that's me an Englishman saying us, sorry. The American market, how about that, good lord, that I would again urge we probably have our own future already met and in our own hands. I've worked again with Danny Weitzner on figuring out what we have to do with P3P to make that the privacy protocol that offers the solution to the problems in the wireless arena, and what I'm concerned about is the time that it's going to take to develop that. And it doesn't mean to say we shouldn't develop it, but I think what we have to look at is what we've already got, the Smart card technology. Maybe the keys aren't quite as big as they should be and so they're too easy to crack. Maybe we've got to beat that key technology up, but essentially we have the component. The Smart Card already exists. We've got most of the protocols we need. You just have to uncover them and make them available to everybody and be reasonable about it but again using the analogy we're late to the dance, we haven't got time to go out and have our frock made for us. We'll take what we've got already and make the best use of it. MS. FINN: Richard? MR. PURCELL: Very briefly, I'm going to be the contrarian on this point and say I don't think they're ahead of us nearly at all. I personally do not need to download a cartoon character every day. I personally don't need to have a buddy list so that my phone tells me when people on that list or anywhere in my -- maybe there's a few people I would like to do that with. We have to be very, very careful about not confusing real consumer benefits that are consumable, long lasting, economic benefits with stuff. I'm starting to think that the model that is being discussed in the environmental community might work for me. I do not care for more advertising. I've got all I need. 
In fact, I would gladly sell my advertising credits to anybody who wants them so that I'll get less and they can get more. I don't necessarily believe they work in kind. I think we're being -- we haven't found an economic model that necessarily works for us, and I include in that things like location data. If location data -- if the business model for location data is lattes and pizza, then it's not a business model. It's not there yet. We don't have anything there yet. Additionally we have to compare the cultural differences that we have. It's a big difference from living your life in a country -- in Tokyo with 30 million people or in Canada with 23 million people. There's a little more space in Canada and that necessarily invigorates something of a greater degree of an idea of privacy that is more of the left alone space in physical space, and I've been in Tokyo and privacy is just like it doesn't happen. It happens inside your head. That's it so far. But we have to be very really careful about confusing cultural ideas, economic benefits, those kind of things with what we think of as progress. MS. FINN: Are there other questions and comments? Over here? MR. ALTSCHUL: I'm Michael Altschul of CTIA, and I wanted to offer a contrarian view of the panel's discussion on multiple standards and get reaction from the panel. First it seems to me that market forces are working very well to reduce the number of multiple standards in the United States, at least down to two if my tea leaves are correct, and second I guess I was concerned particularly here in the Federal Trade Commission to hear that technology standards are not a worthy subject for competition and perhaps a better subject for cooperation. It's been the experience in the wireless industry that for the first eight years there was one standard, standard decreed by the FCC. It was analog. The industry was characterized by a lot of cooperation and very little service or feature innovation. 
For the last eight years we've had multiple standards without the government selecting a standard, and the industry has been characterized by incredible innovation and services and features, and that's perhaps related to the multiple standards, and the prod it provides different vendors to come up with a better mousetrap. And finally, with respect to security, I would think that having multiple standards is like an insurance policy. If, for example, one digital standard's algorithm happens to be cracked and posted on the Internet one day, there will be alternatives to consumers. With one standard you have all your eggs in one basket, so those are the thoughts that I would be interested in hearing your response about. MS. FINN: Eric? MR. BERGERON: If you look at a particular class of teenagers, they can send instant messages. Think of a class of teenagers in the U.S. One is a Sprint phone. One is a Pac Bell phone. One is an AT&T wireless phone. They cannot send each other instant messages. That's a simple example of why Europeans are more advanced. MS. FINN: Marc? MR. LEMAITRE: It's where to compete and where to cooperate. It's that classic case. I will happily working for Nextel tell you not having to be created as a standard that I did very nicely, thank you, in creating a niche market in the business industry, so I would be a fine one to talk about trying to share that sort of technology with my competitors. They are being developed in competition with us and we know in the next generation we're likely to face stiff competition in this area, and I agree we have to find areas on which to compete but there's some basic things and I worry that if a competitor of mine's customer turns to my network or vice versa, God forbid, that he experiences a different level of privacy or security. 
That's what worries me is that there's some areas that we have got to agree that we can cooperate and when the fundamentals of the customers is concerned -- and maybe I don't need to be prepared to concede that different radio interfaces are capable of providing different types of service might be a good thing, but I don't agree that privacy is one of them, so that's my point on it. MS. FINN: Greg, just very briefly, and then we're going to have one last question. MR. MILLER: If you want to see the effects of multiple standards in practice, during my privacy stint with Netscape, I was working over in Europe, I could wander all over Norway and use a telephone there without a hitch at all, but how many of you have experienced the roaming experience in the United States? That is the effect. That's the rubber hitting the road at multiple standards. MR. STAMPLEY: David Stampley, New York attorney general's office. I was glad to hear some comments kind of like where's the receipt you get in the store or the statement of rights that run with the data. In fact, I guess the terms I've used is consumer privacy data is sticky. It sticks to you. It attaches liabilities to you, and you incur obligations, whether or not you're still discussing what is privacy, what should we be recording. But in terms of meta data about the promises that you did make to the consumer, if you're now touching a consumer, aside from recording what the permissions are, deciding how those are going to be communicated or stored locally or stored on another platform, how right now are people who are touching consumers and incurring obligations finding a way to record that so the consumers can have access and say this is the permission I gave dynamically while I was on the golf course and it started raining and I was looking for an umbrella shop nearby or where someone who right now such as myself is involved in enforcing general consumer protection laws that do exist. 
Where do we go to look to see if in fact the promises were kept because it's kind of empty to say, I did a good job, I kept my promises, trust me, there has to be a verifiable way the moment you start touching consumers of demonstrating that. MR. LEMAITRE: You do need a higher authority to trust and the specific example if I were to read from the bottom of this receipt, which tells an awful lot about my habits, so I'm not going to read the rest of it, but it says, Card holder acknowledges receipt of goods and or services in the amount total shown hereon and agrees to perform the obligations set forth by the card holder's agreement with the issuer. And a receipt like that would fit quite nicely on the screen in one of these web phones so I think the card holder's agreement doesn't so you have to find some other way in order to be able to sign this up, but ultimately my trust is in the agreement that I signed, so it comes back to a governance issue. I think the mechanisms are there in order to be able to sign and exchange contracts, sit it on top of the web standard P3P, make it -- the user interface is clear if not completely obvious from this that this receipt fits on a wireless phone, but the card holder's agreement doesn't. There's significant parallels, and what I'm saying is we probably got the tool kit to make these things happen already. All we have to do is apply them to the problems we've got today. MS. FINN: Thank you very much. I'm going to stop us now and try and keep us on schedule, but I want to thank the panelists very much for a very interesting discussion. We're going to let these panelists go back to their seats, and we're going to invite up the next panel which is going to discuss emerging self regulatory initiatives in the wireless area. This is not a break in the proceeding so please don't start making phone calls and wandering out. Thank you. (Pause in the proceedings.) PANEL ON SELF-REGULATORY INITIATIVES PANEL MEMBERS: JOEL C. 
WINSTON, MODERATOR, FTC MICHAEL F. ALTSCHUL TIMOTHY DEPRIEST JOHN W. JIMISON DAVID SOBEL MR. WINSTON: If everyone can sit down, please, we'll get started. Let me reintroduce myself. I'm Joel Winston, and our next panel is on emerging self-regulatory initiatives. I think you've been hearing quite a bit about self regulation in bits and pieces over the last day or so, and now we're going to have a more comprehensive treatment. Now, we at the FTC are very big fans of self regulation, if it's effective. Obviously it makes our lives easier, and the model we often point to is the National Advertising Review Council which is the self regulatory arm of the advertising industry. That body is a highly effective organization in resolving disputes involving deceptive advertising. While FTC law enforcement serves as the ultimate backstop for those who don't comply with self regulation, rarely is it necessary. The system works very well. We're very encouraged that a number of organizations have already cropped up in the wireless area to put together self-regulatory codes that provide for the protection of consumers' privacy. Now, we realize there are a lot of thorny problems here, and I'm sure we'll be hearing more about those in a few minutes, but we are looking forward to the further development of these codes. This afternoon we have four panelists who are involved in self regulation or who are going to be commenting on it. Each will speak briefly, and then we should have time for some questions at the end. Let me introduce each of them right now as a group and then each will get up and speak. Our first speaker is Michael Altschul, who is the vice president and general counsel of the Cellular Telecommunications Industry Association, CTIA. That's an international trade association that covers all commercial mobile radio services including, of course, wireless. 
Next will be Tim DePriest, who is the vice president of Ad Force Everywhere and the founder and chairman of the Wireless Advertising Association. Third will be John Jimison, who is a partner at a Washington, D.C., law firm, and he also serves as the executive director and counsel of the Wireless Location Industry Association. Finally we'll have David Sobel who is general counsel of the Electronic Privacy Information Center, EPIC, a public interest research center here in Washington. So, Michael, why don't you begin. MR. ALTSCHUL: Thank you, Joel. How do I get started with the laptop? Thanks. Thank you, and I want to thank the Federal Trade Commission for having assembled such an excellent workshop. I thought I was pretty familiar with these issues, and have been humbled by how much I've learned and how much there is to learn from all those who have spoken before. I've also been very pleased by the positive reaction to CTIA's Fair Location Information Principles, which I think reflects the fact that first we've had the opportunity to learn from others' errors, and, second, that our members have been receiving some very clear signals from their consumers, from consumers about their privacy expectations, particularly with regard to location information which is a level of information which heretofore has not been generally available or considered by consumers. I wanted to also note that for the past 15 years, CTIA has been called the Cellular Telecommunications Industry Association. It began representing cellular carriers, then included PCS and we had some carriers followed by their vendors, but just last month we combined with the Wireless Data Forum. That gave us the opportunity to change our name. We're still CTIA, but now it stands for the Cellular Telecommunications and Internet Association. And for the first time our association includes the wireless application service providers, data developers, device makers that will make the wireless Internet world real. 
I thought that before getting into our proposal, I'll take just a minute or two to quickly describe how we came to be involved in location information. Jim Schlichting in his presentation earlier today touched on a bit of it, but it all comes from the FCC's wireless E911 proceeding, known to us who practice at the FCC as Common Carrier Docket 94102, and it was in that proceeding that the FCC required carriers provide in the provision of E911 service the public emergency dispatchers, a group called PSAP for Public Safety Answering Points, the location of the caller. It turns out that these PSAP employees, these dispatchers, are government employees. Oftentimes they work for the local police or sheriff's department. In California they work for the State Highway Patrol, and this triggered concerns, legal concerns that providing location information to police might inadvertently trigger the prohibitions on providing this kind of information which are contained in the nation's wiretap laws, the federal wiretap laws, which really prohibit a carrier from providing location information to the government absent an appropriate order. We supported and continue to support the new E911 capabilities, and we urge the FCC to address this issue so that the unintended consequence of the wiretap laws would not interfere with the provision of location for locating callers and for dialing 911. The FCC sought and obtained an opinion letter from the Justice Department's office of legal counsel, and that letter actually can be found at the FCC's web site as a document in this docket, and it's very interesting, the logic that the Justice Department opinion letter provided to permit this use of location information by government employees. 
They basically reasoned that when somebody calls 911, that person is seeking to be helped or seeking to help someone else if it's a samaritan call and in so calling has given implicit consent, not explicit, but implicit consent to have their location identified so that assistance can be provided, and it was on this basis, this idea of implicit consent, that the FCC proceeded and adopted the rules that Jim described today. Last year Congress codified this result, again Jim touched on it, in the Wireless Communications and Public Safety Act of 1999. This is the so-called 911 bill, and the exception was codified in Section 222(d)(4) of the Communications Act. The same bill amended the FCC's CPNI rules, the Customer Proprietary Network Information rules, by including location information within the definition of CPNI and by requiring the express prior authorization of the customer to the disclosure or use of location information. CTIA was very proud to support the 911 bill, and after it was signed into law, we began working on its implementation, and this is sort of the path that brings us to the proposal that we filed at the FCC last month and has been mentioned before, and once again, our goal is to provide consumers with a uniform set of privacy expectations and to provide service providers with a safe harbor if they adopt these principles. And our principles, as you'll see, are based on what I hope are becoming the now familiar Fair Information Practices, though I may need help again getting started. I wanted to start with this slide because this is the slide we use to educate our members, and I start with it to underscore that carriers and service providers are looking for principles that permit them to enter a safe harbor, and we have three points that again are drawn from the basic principles, and we also have the additional point of neutrality. 
We've talked about different technical standards, different interfaces, and we think that consumers shouldn't have to worry about what network they're on or what digital area interface they're using but can focus on a common privacy expectation. The principles then are notice, consent, security and integrity of information and of course these technology neutral rules. Notice is to provide the customer with specific information on how location information is going to be collected and used before any disclosure or use of location information takes place. Consent of course is defined in the statute, if you're a carrier, but in our request it's described this way, to obtain express authorization prior to any collection activity. The words express authorization come from the statute. We recognize that this is an emerging field. We recognize the advantages and disadvantages of different kinds of devices, whether it's a small screen of a phone or the medium size screen of a PDA or a normal screen of the laptop with an air interface card, and we're seeking flexibility as to how this meaningful consent can be provided, but the bottom line is a consent must manifest the customer's desire to participate in the location service or transaction based on a clear disclosure of what the customer's consenting to. Security and integrity was an issue that was fairly easy in the wireless industry because coming from the telephone industry tradition, there is a long record of dealing with the integrity of call detail information, the kind of information that both wire line and wireless companies collect in order to render bills, and so what we propose of course is that that kind of security continue and apply to location information. We also have proposed that any third-party to whom location data is provided probably under the contract model that's been discussed, that that third-party will commit to the provider's location information practices. 
And as I mentioned, technology neutrality has been a hallmark of all of our association's public policy principles, and it has to be continued here to assure that consumers understand the protections that you see. Finally, I wanted to point out that the CPNI rules apply to carriers where the FCC's jurisdiction naturally resides, but we also have non carriers providing location information services. GM's OnStar offering is but one example, and we would like to combine the rules that the FCC adopts with a wireless industry self regulatory initiative that would mirror it so that all consumers would have a uniform expectation of privacy for location information regardless of who they were sharing their location information with. And finally just as an overview, there was filed with the FCC last month, and it's my understanding that the FCC intends to put it out for public comment very shortly, and it was filed in case you were wondering with the full support and an affirmative vote of our board which has strongly endorsed these principles. Thank you. MR. DEPRIEST: Well, thank you again to the Commission for inviting the Wireless Advertising Association to participate in today's conference. I apologize but I've got that right before I go on vacation cold to deal with. My name is Tim DePriest, and I'm the chairman of the Wireless Advertising Association. Just a second to back up and explain who we are. We were founded back in April of 2000. We are an association that has 250 plus companies that represent every major geographic region around the globe, and those companies include various segments of the wireless industry, the wireless content industry and the wireless advertising industry. That would include carriers, device manufacturers, agencies, advertisers, content providers, service providers, ad servers like my company, Ad Force, and ad sales companies. 
We took the approach that if we were to address standards and guidelines in the wireless advertising industry, that the only way to do so would be to compile as comprehensive and as broad a segment of the industry in terms of the companies that participate in that environment. What I'm going to talk about today is privacy, but I want you to also know that we're involved in creating guidelines and standards as it relates to the actual ad created, the look and feel, the experience that the user has with the advertisement, how that ad is delivered, how it's measured, various research, privacy, consumer acceptance, location based services. All of those elements that go into a wireless advertising experience, our association has initiative teams that are driving down the level of detail necessary to develop guidelines and then disseminate not only those guidelines to our member companies but also to the industry at large, and for any of you interested in looking at those in a little bit more detail you can find those at Wireless Ad Association.Org. The goal of our WAA privacy guidelines is pretty simple. One, we want consumers to be in control of their personally identifiable information; two, we want to encourage and promote the climate of trust that occurs in the industry so that consumers and their providers can come together. In the end, the robust content and service experience is given to them, advertising just being one type of content that would be delivered to them. The principle that we have expounded to our member companies and to the rest of the industry is that you have to adopt a privacy policy regarding the collection, the use of personally identifiable information to make it readily available to consumers and encourage all of your business partners to do the same. 
It's not enough to come out with a privacy policy adopted, communicated to your consumers, but every one of your partners that you're dealing with has a completely different stance on wireless advertising privacy. When we put together these privacy principles, we didn't do so in a vacuum. In fact, we didn't try to recreate the wheel. Before I talk about the four major components, I just want to touch on briefly the sources of information and guidance that we gleaned upon before we compiled the initial set of privacy guidelines. We looked at the Internet Advertising Bureau and what they had done, the Network Advertising Initiative, the Online Privacy Alliance. We went outside to independent groups like Junkbusters, MAPS, which is the Mail Abuse Prevention System. We looked internally to our own organizations and our legal counsels and privacy executives within each company, and then we also leveraged various government guidelines and statements that had been written about privacy. Putting all those together, we actually came up with something that is very much similar to what Michael has just gone over: Four areas, notification, choice and consent, security and access, and finally we threw in a little bit on wireless SPAM. Notification, first of all, you have to notify your wireless subscribers how personally identifiable information is used, how it's collected, how it's stored, where it's stored, how do you ensure the security of that storage, which third parties would have access to that information if any, is it mandatory that they provide this information to you, and then finally if I haven't already mentioned it, how will it be used not only today but how do you see it evolving. That in terms of notification, making your subscribers aware of that is extremely important. Secondary relates to choice and consent, and quite simply it's about providing notice of the fact that you are collecting that. 
Second is that you're providing the choice to the consumer for the use of their personally identifiable information, and finally that there should be no new use after they have provided the initial choice of that information, additional use of that information created without their consent. Third area relates to security and access, again ensuring that the personally identifiable information is accurate and secure, and by accurate, the second part of that is obviously providing the subscriber with access so that they can make adjustments to data to ensure its accuracy or to delete it entirely. Finally on wireless SPAM, SPAM for lack of a better expression is bad to put it quite simply. We do not believe that advertising or other wireless content should be pushed to a subscriber, and by pushed what we mean is you're receiving at a time that, one, you don't want it, or two, that you had -- that it was being sent to you maliciously. You had signed up for maybe a newsletter, and that information may have been shared with someone else, and therefore they're beginning to send you down messages that you wouldn't otherwise have wanted. What we have done as part of the association is come out with a stance that the permission that I provide to someone to send me newsletter information advertising content at pre defined periods of time is not transferrable to another party. That agreement is directly with my content or service provider. Two, we have provided instructions within our policy by which you can identify when you are receiving this push advertising and what are the mechanisms for you to then go about avoiding it in the future, and then finally on our web site and as part of the broader association document or broader privacy policy, you'll see guidelines and examples of inappropriate messages, both advertising and content related messages. 
What we've tried to do as an association is take a first step, and clearly we're not standing before you today and advocating that this is the end all, be all privacy policy as it relates to the wireless environment. This industry is in its infancy. We are coming out with something that is the first step, the momentum that's going to carry us forward, but clearly we welcome working together with our partners and other associations and also the government to craft those policies as the industry evolves. And with that, I'll turn it over. MR. JIMISON: Thank you. Good afternoon. My name is John Jimison, and I'm here representing the Wireless Location Industry Association, and if that's a very new sound to you, it's because we were only organized last month, and the reason we were organized is about ten companies who are dedicated to achieving the commercial benefits of the new technologies of locating wireless signals and wireless devices decided that they were special enough in their orientation and in their focus and in their determination to do it right and to do it with a very positive interaction with their customers and with the public as a whole that they deserved to have their own organization to make a place to talk about it and to move forward. These companies include various technologies, various kinds of software, hardware providers, and certainly the association intends to be open to regulated and unregulated companies and all companies who have a principal focus on the benefits of a wireless location space. Now, of course I'm just delighted at this workshop because it has been a very comprehensive workshop, and there's been a wonderful introduction to many of the topics that will be coming up, and the lead one that our companies all identify as the lead one, the one that is a show stopper for their business, is privacy. They know, and I think Larry Ponemon suggested this morning, that start ups need to have focus on this. 
They do have a focus on this, and it's because of their need to deal with it proactively and cost effectively that they're trying to do it jointly as well. And all of these companies recognize, as Alan Davidson mentioned this morning, that the consumer is simply not going to use a service that he can't trust. We want to have our services trusted, and we want to work together to help build a reputation that they can be trusted, including having self regulatory processes. So we plan to be very proactive. We've had meetings even as we were getting organized with people on the Hill, with FTC staff, FCC staff, privacy interests and others, and we certainly plan to be involved over the coming months. We commend the CTIA on their initiative at the FCC. We hope that the commission as Michael suggested does move forward, create a rulemaking process that will initiate a dialogue, a dialogue like Commissioner Thompson suggested this morning that will be flexible and organic and will respond with considerations on privacy as the applications raise those considerations, will not over react, will not be simplistic, will not deal with platitudes or broad proscriptions or prescriptions but will fine tune standards that will meet the needs and yet leave the space for the commercial benefits that consumers will also be looking for and which we are convinced are there. 
So WLIA, particularly because it will include many unregulated companies, is very interested in self regulation methods, and we're going to be looking very hard at the most effective ways that we can find of disciplining our industry by setting high standards, by rewarding and noting companies who meet those standards, by being absolutely open to suggestions that standards need to be higher or that standards are not being met by certain companies and within the bounds of what we can do of putting the pressure on companies who are not willing to engage in this business while meeting the standards, which our founding companies are all convinced can both be done simultaneously. So because we're too new even to have a Power Point presentation, I don't want to take up a whole lot of additional time, but I do want to again thank the FTC for organizing this, for giving us a chance to introduce ourselves at it, and to express to all of you our desire to work together constructively and to make the new wireless location services industry a very major and positive benefit in the economy without raising the kinds of problems we've all been talking about. Thank you. MR. SOBEL: I'm David Sobel of the Electronic Privacy Information Center. I usually do use Power Point presentations, but this was actually one of those rare occasions where when I left my office, I wasn't entirely sure what I was going to be saying about a lot of these issues, so to a very large extent, I'm talking as a result of what I've taken in over the last couple of days. And I also want to thank the Commission for putting this forum together because I think it has been very useful, and I think it also reflects kind of happily what I'm hearing seems to be a developing consensus on many of the points that are important to my organization and I think to most users and consumers. I want to go through them. 
I think they're really pretty -- the consensus is pretty well reflected in the CTIA proposal as Michael set forth, first of all, the concept that consumers should be well informed of the collection and use practices of the provider, and I emphasize well informed because that's the language Michael used, and I think that's important. Similarly the terminology that should provide a meaningful opportunity to consumers to provide their consent, again I underscore meaningful because I think, as I'll talk a little bit more about it in a minute, the implementation of these concepts is where we tend to get hung up and where I think we really need to focus, so I think it's very important that that opportunity be meaningful. The other positive part of what I hear is the developing consensus is that we seem to be moving toward an agreement that in this space the standard should be opt-in, and I think that's very useful, and I think we'll save a lot of the people who have been involved in other privacy debates a lot of time and a lot of headaches if we recognize going in that that is our starting point. And I also think that the CTIA emphasis on technological neutrality is very important because again I think it's been very clearly laid out that this is a technologically complex environment, and there's no realistic way for the average user to understand who the various parties that are in the chain of custody of the information we're talking about might be. So I think it's really critical that we do level that playing field and have guidelines that apply across the board and really focus on the kind of information and establish rights for the consumer because the only real common denominator here is always going to be the user, regardless of what the technology is, regardless of what the device is. The common element is the user, and that individual I think really needs to go into this environment with some clearly defined rights and expectations. 
I think that consensus, if I've accurately reflected it, really shows that the privacy debate generally has moved ahead quite a bit since the early discussions that the Commission hosted to talk about Internet privacy. I think that we're now engaged in a much more sophisticated and mature debate, and I think that really shows progress. Part of what I think we saw in the earlier stage of the debate is that we tend to get hung up on a lot of buzz words, and early on in the Internet privacy debate one of the big buzz words was privacy policy, and the big question was, Does a site have a privacy policy or doesn't it, and then we moved beyond that and started to look at the content of those policies, but even there, there were what I considered to be some buzz words that didn't necessarily have a lot of content like notice and choice, and I'm not sure that we have yet fully come to understanding or agreement about what those words should mean. So I think we have to in this discussion start to flesh out a lot of these areas of general agreement, and I think it's been well stated already by many of the other speakers what constitutes well informed, what does well informed mean in this environment where we're talking about very small screens and not providing the kind of real estate that we have on traditional web sites to convey information to people, so I think that is a real challenge and that's something we have to pay a lot of attention to. Similarly as I said before, what is a meaningful opportunity to provide or withhold consent. I think these are areas where maybe we're going to need more real world testing. If a proposal is put forward to use a certain means of notice or a certain means of eliciting consent, maybe we need to put those mechanisms in front of real consumers and actually ask them, Do you understand what's happening here and do you understand what you're agreeing to. 
And that might be something that the Commission could play a useful role in, actually get some real world reaction to some of the mechanisms that are likely to be proposed. So I think all of that is the good news. On the bad news side, and I'm not sure that it really is bad news, but I always get a little nervous when things are couched in terms of self regulation, and that of course is the way that all of these proposals are being characterized, although I'm not sure that's entirely accurate. I think most people agree. I'm sure there are some people in this room who would disagree with me about this. But I think another one of the -- another developing consensus is that self regulation, pure self regulation really has not worked that well with respect to Internet privacy. I think there's a growing recognition of that in Congress, and I think the Commission has come to that conclusion. So I would like to move us away from the mind set of self regulation, and I would also suggest that this is an environment in which a legal framework is probably easier than it is with respect to the Internet and probably more appropriate also. I want to tick through a couple points that I think make this environment a little bit different. First of all, we don't really have the jurisdictional questions that we tend to have with respect to the Internet, whether U.S. law can do certain things or not do certain things. My understanding of the technology is that the actual collection of location information is always going to be local. There is a user who is located somewhere, and there's a nearby cell tower or some other means of collection that I don't think raise the kinds of jurisdictional problems that we sometimes have when we're talking about Internet privacy issues. Another difference is that much of this landscape already is regulated. There is a government mandate as we've discussed for E911 location information. 
There's the CALEA mandate, and we already have legislation dealing with privacy issues with respect to wireless, the Wireless Communications and Public Safety Act, and in fact, and this is why I question whether this is really purely self regulatory as Michael's presentation indicates, it's that legislation that has motivated the development of these proposals. So I think that's a very good model for the way that government, through a legal framework, can really move the industry process ahead, and whether we want to call it self regulation or not, I think this is clearly an example of government activity in this area having a positive effect, and it's prompted a lot of the discussion we're having. Also there are many parties involved in these transactions, the software developers, the hardware developers, the service providers, the content providers. I think in that kind of environment a basic legal framework will really assure uniformity, and I think that's important here. And I think we also have a unique opportunity given the early stage of this technology, the fact that business models are being developed right now, and I think that we have a good opportunity to avoid some of the problems that we could have if the infrastructure moves forward and the business models moved forward before we clarify a lot of these issues. Finally, the last point I want to make because time is short, a purely self regulatory approach cannot deal with the legal access issues, and those have already been touched upon. Whether it's law enforcement access to location data that we're talking about or civil litigants' access, I think this is likely to be an exploding area of discovery. We already know from the CALEA proceeding that the government, law enforcement has a keen interest in obtaining this information, but I think we're likely to see a similar explosion in the civil litigation area. 
With a somewhat related area, which is the Easy Pass systems that we have on a lot of highways, we're already starting to see that. That information is increasingly being sought both by law enforcement and by civil litigants, so I think that's something that we really have to pay attention to because as much as the providers think that they are in a position to control the way this information is used, I think increasingly without very clear legal guidelines they are going to find that that's not the case. So to sum up I think there's a lot of common ground that's been expressed that I think is a very hopeful sign. I think there's a lot to build on, and I will leave it at that. Thank you. MR. WINSTON: Let's take a couple of questions. MR. HALPERT: Hi. I'm Jim Halpert from Piper Marbury for DMA. Jerry Cerasale couldn't be here this afternoon but asked me to pass along some of DMA's thoughts about some of the interesting proposals that have been put forward today. Clearly location information is CPNI and is sensitive information. David offered very clear examples of the way that a cell phone can be used as a sort of homing pigeon device or a device to monitor where people are going, and I think there's pretty broad agreement that that is a particularly sensitive type of data that is uniquely an issue in the wireless context, and Congress has already made a decision to regulate that as CPNI under the whole CPNI regulatory regime. But David's talked about an emerging consensus, and I think there's some very complicated issues that were set forward in the first today's discussion, in particular in Danny Weitzner's presentation around how one might try to apply some of the opt-in models. 
For example, in Tim DePriest's thoughtful presentation on the WAA guidelines, how one would apply opt-in in situations where the sender of an E mail, for example, has no idea whether the sender is communicating to a wireless customer or to a customer on a landline connection to an ordinary Internet access outlet. For example, the AOL Anywhere technology will make it seamless whether a user is logging in from their cell phone, from a DoCoMo cell phone or from their home computer, and it's very important as we think about the type of regulatory mechanisms or self-regulating mechanisms that the process be transparent, that it not draw distinctions that are really impossible as a practical matter for people to follow. And the WAA guidelines are a helpful starting point for discussion, and DMA looks forward to working with Tim and others at WAA to figure out how we can make these principles really work in the world and to flesh out some of the ambiguities. There's an assumption in some of WAA's materials that a whole lot of communications that aren't really true push communications might be covered, for example, sending an E mail to somebody when the person can decide whether to log in and retrieve E mail on their cell phone or from their home computer is a different matter than paging somebody in effect while they're walking around with their cell phone when they get close to say a McDonald's, encouraging them to go to a McDonald's while their phone was on. And it's important that we all give a lot of thought and not rush to assume that there's a consensus beyond the points that really raise unique privacy concerns in the wireless context. 
So with those statements, DMA really welcomes working with everybody on this panel and with the Commission to come up with some workable guidelines to protect wireless privacy without regulating too quickly in a medium in which, as we've heard, there's tremendous flux, and people really aren't sure where the medium is going, but at the same time coming up with methods that will increase acceptance of wireless devices for all sorts of commercial and non commercial uses. MR. WINSTON: Does anyone on the panel want to comment on this opt-in issue or would you rather just let it go? You're not suggesting, Jim, are you that in the interest of consistency that both for the wired and wireless the rules should be opt-in? MR. HALPERT: No. MR. WINSTON: I wanted to make sure of that. MR. HALPERT: I think that that would be a very controversial proposition, and the emerging consensus is around the uniqueness of the location information around the wireless and also the prospect that consumers would be paying to receive messages that they didn't request, but where there isn't payment or whether that's not clear to the sender of the communication, this really becomes more like garden variety Internet communications which haven't been subject to an opt-in. Opt-in is reserved for sensitive information. Thank you, Joel. MR. WINSTON: Maybe one more question? If not -- all right. MR. HENDRICKS: Since I started this idea, I think this is an example of the -- the wireless industry -- one of the dynamics that's gone on in industry privacy debates is those industries and companies whose core business is trafficking and personal information are usually ones driving the debate. And if the wireless industry that tends to have seen pro privacy standard is very integral to making a medium work as a business model. 
One of the challenges will be dealing with the kind of arguments you just heard from DMA and from some of the other traditional industries that have usually dominated industry discussions about setting privacy standards, so I would -- as DMA comes knocking on the door I would urge you to hold to your guns. MR. WINSTON: Why don't we take a break now for about 15 minutes, and we'll concentrate on that. Thank you for the panel. PANEL ON WIRELESS ADVERTISING: WHAT FORMS WILL IT TAKE AND HOW WILL DISCLOSURES BE MADE? PANEL MEMBERS: C. LEE PEELER, FTC, MODERATOR MICHAEL D. DONAHUE BARRY PETERS STEVE LUCAS ROBERT E. LEWIN SEAN THOMPSON MR. PEELER: We're down to the last panel, and I think it's going to be the best panel yet. At least that's the objective here. My name is Lee Peeler. I'm the Associate Director for Advertising Practices, and this last panel this afternoon is designed to talk about exactly that, about advertising and about what types of advertisements we're going to see in this wireless environment, what we're seeing now and what we'll see in the future and then address the very important question of in this new environment how will we be making disclosures of important consumer information. If people remember back to the early 1990s, the question was, would there be advertising on the Internet, and I think it shows the progress we've made, but right now the question is really not whether there's going to be advertising on wireless but what it's going to look like. And as I said, we're going to talk about what ads look like today, what they'll look like in the future, and then how do we make disclosures. And finally there's a new federal statute called E sign designed to encourage electronic commerce by allowing electronic signatures, and by encouraging the disclosure of information electronically. And at the end of this panel, we want to try to speculate on what the impact of the wireless environment will be on E sign. We have a great set of panelists today. 
Mike Donahue is the Executive Vice President of the American Association of Advertising Agencies where among duties he's responsible for all digital media initiatives. Sean Harrison is president and CEO of WindWire, a wireless advertising technology company. Bob Lewin is president and CEO of TRUSTe, an independent nonprofit group which has established an Internet privacy seal program. Steve Lucas is the chief information -- is the chief information officer and chief privacy officer of Persona which provides consumers with the tools to protect and manage their privacy, the privacy of their information online. He's also president of Privaseek, a privacy consulting firm, and he's one of the originators of the P3P privacy initiatives that we've heard a lot about throughout the conference. And finally Barry Peters is director of Emerging Media for Lot 21, an interactive digital marketing and advertising agency. He and his group were the first to place live web content in a TV commercial and to advertise on a mobile portal. So the format today will be first to have presentations from Barry and Sean of ads that they have actually developed or their companies have placed in the wireless environment so we're going to start with Barry Peters. Thank you, Barry. MR. PETERS: What I'm going to talk about briefly is just a couple of ads that we've indeed developed for some of our clients. The first ad I'm going to show you was run over the AvantGo network. AvantGo is a web based network which allows Palm and PDA subscribers or users to sign up, opt-in for specific content, various channels if you will. Yahoo has a channel. Fox Sports has a channel. CBS has a channel. CNET has a channel, and they can get content updated every time they sync so you're physically connected to a wire to your PC every time you sync. As long as you have an Internet connection your content will get updated. Back in May or April of this year we went to AvantGo. They had no advertising on their network. 
We asked if we could give it a shot and try some advertising. We were targeting IT professionals for one of our clients called Intraware. We worked out a deal, and this is what we came up with. When you would sync your Palm Pilot and you had an Internet connection, increase the size here, you have a list of your channels, and you can get into your content. Right above that was 32 characters of text that said something to the effect, are you an IT professional, check out the sweepstakes. Once you clicked on that, this is all in a wireless environment, but again keep in mind there's no wireless connectivity. You're walking around. You have no wireless connectivity. It's already pre loaded on the Palm Pilot. The user would click on it, and they would get some fairly robust graphics. It's limited. It's gray scale but it's much more robust than the 18 characters you can put on a cell. You can scroll down to get more information, read through it, and ultimately the user's name is pre populated into the E mail address. All the user needs to do is click send. Next time they sync, that information is sent out and they're subscribed to a newsletter. It's purely opt-in. The next one I'll show you is very similar for another one of our clients called CNET. They had a similar objective. They were looking to reach high tech users, Palm Pilots, PDA users, AvantGo subscribers are their target audience. What we did here was a little bit different, very similar approach but this was the first color ad on AvantGo. Both of these ads were the first and since the launching of both these ads, AvantGo continues to do advertising and has signed on clients such as Nortel, Sun, I think maybe even Microsoft. The next ad I'm going to show you is what we call a -- is a physical channel. I don't have a full demo of this thing, but it will give you an idea of it. This is an AvantGo channel that we put together for Lot 21. You can see up here it's very graphical. It's gray scale. You sync to it. 
Any time you sync we can update information. Our information is fairly static, but we can update phone lists, directions, et cetera, so in here it's a beamable application again. The information is updated at the time of sync. You can navigate through here looking at the vision, capabilities, et cetera, get some background on Lot 21. At the point of desire to get more information there's a subsequent application which is called a PQA, and that's a downloadable physical application that resides on your desktop, and that has wireless connectivity, so you can click on a button rather than diving down into the content residing in your Palm, and will actually fire off a request to your modem to go out and retrieve real time data. And the last ad I'll show you is a wireless ad for our client Intraware on the CNET WAP network, and this again is just giving you a physical demonstration of what an ad looks like on these wireless phones. Keep in mind wireless phones, there are 80 or 90 devices in the U.S. that I know of at least, multiple carriers. It's very difficult to serve across these. Sean from WindWire can speak to that better than I can, but those are my examples. MR. HARRISON: Hi. My name is Sean Harrison. Lee asked me to take some sample ads that we have on our web site and use those as an example just to show you various formats and also definitions of different kinds of ads and response mechanisms, so let me bring this up here. Let's see. I've got a bunch of ads here, so I'm going to pick five or six ads. I'm going to start with something that's a less functional kind of advertisement, and it will take a second to spin up the CD. 
The first three are going to be phone ads, and the next three are going to be PDA ads, and the concept here is the user will be going to a new site for example, in this case the NANDO Times, and at the top of the advertisement, there could be a link, and the two bracketed top links that you see up here or top lines that you see are ads for the NANDO Times, and by selecting the link button, they could read NANDO, or they could click down one and they could speak with an ad rep, so this would be what we would call a call through. It's a very low function kind of ad but it has a link that in this case would enable the user to call the NANDO newspaper site to subscribe to the paper. Next we'll do something a little richer. This is for Old Navy, and here the user could see an ad. This would be interstitial, a full page kind of ad. They could enter a zip code manually so the location of the Old Navy store isn't being derived by the network but by the user actually clicking a Zip Code on, and it automatically went off to find the Old Navy store in the region they specified. Here is an example for a mocked up paper we call the Baltimore Tribune. The user would be walking down to the entertainment link, and in this context again, an interstitial would be displayed to the user which would be a graphical kind of ad, and they have an opportunity to make reservations by clicking on the reservations link, and it would call them through to the restaurant they might be interested in going to. Next I'm going to walk through three examples for a PDA, and in this case I'm going to start with Hoover's, and this would be an advertisement on a Palm device that would be embedded in the contents. This would be the top section of the content and the business section of an online portal, more analogous to a banner on the wired space. And next, this is a Dell ad. It's got a right justified embedded in content. The user has the ability to select, and it's more of an interactive kind of ad. 
In this case they could look and get the prices for the latest Dell computers that are available on their wireless web site. I know this is so exciting you just can't take it. I'm only going to do one more, sorry. They placed it somewhere else, that's right, so bear with me one more minute. This is a full-page interstitial on a PDA, so in this case the user would be on a particular site. Let's see. I'm not sure what's happening. I won't belabor it. The whole point is you get full page interstitials on a PDA. You get a full page promotion and then you would be able to click through to that particular promotion or you would just time out and you would go on to the content that the user was selecting, and with that I'll stop. MR. PEELER: Can we have the lights back up? Thank you, Sean and Barry. I think that was a very helpful example of what types of ads are out there, but let's make sure we have the full list. Are there types of ads that weren't illustrated here that we should be considering? Mike? MR. DONAHUE: My experience is I've been working with a group trying to develop ad models for the wireless space, and I think the illustrations here, I think the ads here are illustrative of what's going on. The only things I've heard about are some very primitive text ads that are being used by a variety of people, but I think the ads you saw here are very representative. MR. HARRISON: I think the area where there's a lot more opportunity are the response mechanisms. On the wired web the response mechanism you have is a click through to some destination web site. In the wireless arena, as we illustrated here you have an opportunity for call through. You have an opportunity to have a notification, be sent back to you. 
For example if you were interested in an advertisement for the Capitals tonight but you couldn't attend that particular hockey game, you can request a notification be sent to you within the next week for subsequent kinds of promotions like that so there's times you notify. So I think we'll see opportunities not necessarily for more ad formats but just mechanisms to interface and interact with the consumer or the merchant. MR. PEELER: Barry, do you agree with that? MR. PETERS: I do. We currently are taking a point of view to advise our clients to use wireless advertising as an extension of a media, really to focus on customer retention as opposed to customer acquisition, and we believe that the market is so small for users of wireless enabled devices at this point in time, it's growing rapidly, but physically surfing the web with one of these things is not seamless. So for the most part what we are working on is developing web sites with targeted content. One of the challenges we're facing is the whole hype of the wireless web. When people think of the wireless web they think of here's my 15 inch monitor, I'm going to put it on this device. That's not what we should be doing. That's not the way we should be thinking. What we should be thinking is I need to get stock quotes, I need to get inventory information. That's the type of data that should be delivered to this device, very short text messages. We're not talking about putting banners on here with a graphic illustration. Maybe in a year or so, but I don't believe we're going to see that in the next year. MR. DONAHUE: I think one of the things as we move forward here is that as we develop ads for this space that maybe we do the opposite of what we did in the early days of the Internet. I think in the early days of the Internet we over promised and under delivered. 
Here we have an enormous opportunity to basically under promise and over deliver, and I think it's going to be critical to recognize, and Marc Andreessen had a great comment in yesterday's New York Times. He says all the attempts to graft the browser interface on top of a cell phone are going to fail. The key is you have to say, Okay, what do people really want to do when they go mobile, and as these guys have said probably some level of E mail, some level of information access like traffic reports, maybe or maybe not E commerce, but I think it's critical that we don't be too Pollyannaish in this space. Obviously the thing people want is privacy. There's no doubt about that. I think we're going to end up with an opt-in, but when it comes to the ads we have to be very careful and not over promise. I think we did that probably two or three years ago in the days of the Internet. We don't want to do that again. MR. PEELER: I think today people have talked about the concept of push advertising and pull advertising. Somebody want to take a shot at defining that? MR. HARRISON: Sure, so the easiest analog is the pull advertising would be similar to going out to CNN, ESPN and having an advertisement either embedded in the content or an ad pop up as you are out proactively surfing so it's synchronous with you the user going and retrieving information. Push advertising on the other hand would be analogous more to an SMS message being sent to you that has an advertisement or I should say analogous to often E mail where you get something sent to you asynchronously which I guess in the wireless space SMS is probably the closest example today, although clearly you could do it with WAP alerts and that has the opportunity to really be a pain in the butt if you're walking past McDonald's and getting beeped every time, so clearly that could be problematic. MR. 
PEELER: To what extent -- you're talking about opt-in in E mail but to what extent is SPAM out there now and to what extent is it a problem? MR. DONAHUE: I haven't heard too much about the wireless SPAM. Quite frankly I think anyone who creates SPAM in this space is flirting with danger not only from the consumer standpoint but obviously from the FTC with good reason, and I think that one of the critical things that has to happen is that this is -- the mobile web anyhow is going to be location based. People have to -- as I said one time I said if you look at an off line ad, an off line ad says something. An online ad on a computer screen does something. An on line ad here does something now and here, and if you are not requesting that information, if someone is sending you SPAM, I just think that that model will not fly. Not only will it not fly in Washington and all the things that are going to happen if we do that. It's not going to fly with the consumer, and all the test experience I've seen to date proves that. There are examples of people sending ads down that don't require the caller to pay for the call and these are on PDAs. They're sending free messages and the experience is not only do they want to opt-in. They want double opt-in so I think SPAM is not going to fly. MR. PETERS: I tend to agree. I think SPAM is not going to fly, but we will see it though as we saw on the Internet. I come from the direct marketing industry. My friends and family know it as the junk mail industry, and that's exactly what it is, if it's done incorrectly. Direct marketers work on an ROI model. If I spend X, do I get Y, is Y greater than X. In direct mail it's very simple. I spend a dollar to mail to a piece I need a certain response rate and a certain return on revenue. E mail just opened the door. There's virtually zero cost to sending E mail. There's virtually zero cost to sending an SMS message at this point. 
I think regulation or some sort of, I don't know how to -- I'm not here to recommend legislation per se but I think that companies such as our clients, the CNETs, the Palms, the Tupperwares, the Bank of Americas will not be using SPAM because that affects the brand integrity. There will be small upshots looking for a quick buck. It's going to happen. We're going to see it. MR. PEELER: Steve? MR. LUCAS: I've got an example here on my Palm of SPAM. I don't -- I can imagine how they got my information but my concern here is also that in this type of device I'm paying for this. This is not free. These devices have limited storage capacity so this is taking up storage on my device. I don't think that a lot of times the use of SPAM and unsolicited advertisement has been associated with free space, and I don't believe that that's an issue. I think that the legal precedent, Rowan versus the Post Office, Turner versus the FCC, are going to apply to this area also, and I think while the Internet suffered a big hit because of SPAM, it caused a lot of problems with advocates. If anybody's experienced being blocked by the MAPS organization, it's pretty significant. I believe this type of activity in the wireless environment will have a much greater impact on consumers. We talk about -- I heard throughout the presentations today that the Europeans are way ahead of us. I believe that I've read a lot more about the negative impact of some of the advertising that the people, for example, in Hong Kong are getting pretty fed up with receiving a lot of the push type advertisements. 
And again I think the example that you showed of putting in a Zip Code having something pre loaded on my PDA and then requesting information is the way to go, and with a limited ability to store preferences on this, the limited ability to present disclosures, I don't see how any other model is going to work other than where I go to the service and I subscribe to the service via an opt-in or that I have some kind of application as you demonstrated where I can request information from my service provider or from an advertiser. MR. DONAHUE: Lee, I think one other point is unlike what people are doing when they're sitting in front of their computer and spending a lot of time online and spending on more time online. When someone uses a device the likes of which Steven just talked about their intention is to spend a fraction of the time that they spend on a computer. They are not going to have tolerance for anything that they don't get when they want it. I really believe that. MR. PEELER: So would it be fair to say at least among this panel there's a fair consensus that it needs to be permission based marketing? MR. HARRISON: I certainly agree from a proactive push standpoint that the consumer needs to opt-in or double opt-in as we've heard that explained earlier. 
In the case where a user is going out to a destination web site, online site or wireless site for that matter, and they're receiving information, a stock quote or if they're receiving news or sports or weather, whatever the case may be, an appropriate advertisement that is monetizing that content for the content provider I think doesn't necessarily require a consumer to opt-in, although one way to perhaps handle that would be like the Weather Channel did if you guys may remember early on when I first got my Sprint PCS phone a year ago and when you went to the Weather Channel, the first thing that came up was a disclaimer that said, This is a free service and that we reserve the right to do advertising on this service subsequently. So maybe that's the way to mitigate I guess the initial sort of opt-in that a consumer may make to receive that content, but everything I think it would be incredibly annoying if I'm getting news stories and I have to agree each time to an advertisement that comes down with it. MR. PEELER: Now, I think the examples that were shown illustrate different approaches for cell phones and for PDAs, and I guess one question that we would like to talk a little bit more about is will there be convergence of these two products? Are they going to come together such as the advertising will be similar, and what could we expect to see three or four years out in terms of advertising on these improved products? MR. PETERS: I think that was addressed earlier in the panel, and I echo what was addressed. I believe that there will be a convergence of the devices but it will not reach every market. There are people who want cell phones because they want it small and sleek as mentioned before, and there are people that want PDAs because they want a large screen. Those are very conflicting devices. 
There are, as mentioned earlier, Handspring is about to launch their -- they've launched the Visor but I don't know if they're about to launch or they have launched a modem card, a wireless modem card to go in the back of that slot. That will appeal to somebody. Personally it won't appeal to me because I'm really focused. I don't use a cell phone that much. I use a PDA. However, there are people who will want a combination of the two so I think there are different markets. As there are 80 or 90 devices now, there will be another 20 or 30 in the next several months. MR. HARRISON: I would add I don't know what kind of convergence there's going to be. I think there will certainly not be one device but I do think that the phone will be the handset and the volume leader. I think if the numbers are such today and the cost basis is such that these carriers, they make money with volume phones, and the price needs to fall into a certain area such that consumers can buy them or they can cover the cost through service plans. So I think phones will be largely the volume leader, and more and more we'll see better kinds of PDA services so calendaring, address books, but we'll also see better web capabilities in these devices, although looking at the iPAQ, I can see how in terms of being able to do really robust web browsing -- I can see how for at least the foreseeable future, the next year, two years, that kind of device will be a better device overall to view the Internet because it's basically like a mini PC. It's a very powerful processor, high color graphics and a bigger screen than what I would have on a phone, but the phones will be the volume leader. MR. DONAHUE: I think the graphic limitations, Lee, of this, even with larger size screens than we have now, will be a very limiting factor as to how much advertising is going to be in this space. 
I've seen some numbers which I didn't believe the Internet numbers four or five years and I don't believe the numbers I see here, even if I represent the advertising business. I think the opportunities for interesting new ad models are in voice more so than in graphic. I think there's a great opportunity because you're not going to be limited by a graphic constraint, by three by four, and I think you'll see some interesting -- I think you'll see the interesting agencies start developing interesting voice advertising, maybe even more interesting than they've done in the off line space. It's going to take a lot of creativity but I think there's some real opportunity there. MR. LUCAS: I wonder if we can address a different type of convergence and one of the questions I get asked most often is why is the Internet treated differently than the off line world, and I think there's a simple explanation for it and that's that the Internet has removed a lot of inhibitors of doing direct marketing, the ability to network databases. The Federal Trade Commission has been very, very up front about their concern about the merging of off line and online data. What I haven't heard a discussion of is the idea that in the wireless environment often data that's been obtained through customer billing records has been obtained in an off line mode and is being permitted to be merged with data that's been captured in the online mode. And I'm concerned that we're holding a different standard for the wireless, for the Internet, for the off line and I think there's some really privacy implications of being able to take off line account information and using that to personalize, to generate advertisements. I think it's going to cause a lot of consumer confusion if that's allowed to happen without the consumer being engaged in the process. If you read the studies on privacy on the web I think the same thing applies to the wireless world. 
When consumers are engaged in a relationship, they're more than willing to give that information out. In fact they're more than willing to give out more accurate information so I think when we talk about convergence, we start talking about the convergence of PDAs, for example my information that I've given to PALM.NET and the information I've given to AT&T, I have some concerns whether that information is also going to be converged to create one massive record about me. The concern I have is that there's been a debate for quite some time about the non personally identifiable information on the web, the use of browser based information, that a browser is not unique to the individual, multiple people can have access to the same browser. I don't think that's the case when we're talking about these devices. We're talking about CPNI that is uniquely identifiable. I don't share this with anybody else. I don't think people share their cell phones amongst many users, so I think there's some different implications here when we talk about the data we've talked about, even though it isn't personally identifiable, it's certainly uniquely identifiable. MR. PEELER: Well, and I think that brings up the whole question of just how effective this form of advertising is going to be and how important the targeting of the advertising will be to its success. Mike, you want to speculate on that? MR. DONAHUE: Well, yeah, I think it's going to be -- I think this is going to be probably an even more targeted medium than the Internet, and I think once again, just the very fact that for most of the devices, especially if the cell telephone ends up being the device of choice and if the receiver pays method continues, there are ultimate targeting opportunities. The question there is who's going to own that user. Right now the carriers are the ones who have the data. 
They're going to have to decide how much they're going to share with the content people who want to send stuff to these units and having said that that's still going to have to be an opt-in model. I think there are enormous targeting opportunities, but I think the absolute amount of advertising that will be spent on this is a lot less than most people think. The incredible thing I think that's possible, the opportunity for customer relationship management is probably going to be better on here, maybe just because of the ability to target better. I think if you do it right, the churn will be a lot less once the advertising model develops than it currently is, and churning through the cellular telephone base, so I think the opportunities are great but it has to be opt-in. MR. HARRISON: I would say too that we're sort of in the bottom of the first inning of this industry, and if we take exactly what worked in the wireless space and maybe what didn't work quite so well in hindsight and try to apply that to -- I'm sorry, the wireless, I'm talking to wireless, we're really going to miss the opportunity. You had mentioned voice a few moments ago, and one of the interesting things about these devices is today you can't have a really smooth transition from a database -- a data oriented web browsing section and then integrate with voice, but when we get into the next generation, two and a half and three G as that gets deployed here, at least two and a half G, hopefully the latter part of next year with certain carriers, will start to have packet based capabilities which will enable the user to get information that is possibly web based, but then they could immediately transfer over and say, I would rather hear the movies that are being played at the movie theater instead of seeing it on your screen or vice versa. 
You could be talking to your travel agent and getting the flight information or giving her your flight information and seeing displayed back on your phone the information textually because it's easier to consume it. The point is simply there's opportunities for advertising there as well which can better take advantage of the medium and do it in a way that is different than you've ever seen on the wired web. MR. PETERS: I agree. We talk about M commerce and M commerce emerging and just about to be a big industry. Well, M commerce is currently a fairly significant industry. I wouldn't say it's a major industry, but by the nature of the fact that we have cell phones and we make phone calls to our travel agents and we make phone calls to LL Bean to buy something out of a catalog on a cell phone, probably not a realistic scenario, when you're traveling and you're making a purchase, that is M commerce. You're doing it through a particular application which is voice. The problem is on the other end of the line is another live voice. When I call United airlines to book a ticket, they've got a live body on the other side or if I call into check my flight arrival time or departure time, I'm calling in. Right now they're using voice recognition and you can navigate a voice portal. The reason they're doing that is because it's in their best interest. They're cutting the cost of that call from $5 down to a matter of cents, so the value in the wireless web is not navigating like we're used to seeing the web. It's customer relationship management. It's getting your financial information, getting your stock quotes, getting your arrival and departure flight information, leveraging that customer relationship and taking it to a stronger point. MR. PEELER: And to that extent the voice portals are part of the future, a big part of the future? MR. PETERS: My firm belief is voice is going to be huge. Voice is the killer application for phones. 
We conducted an interesting experiment just kind of haphazardly about three weeks ago in our office. I got challenged to use Tell Me, which I'm not that familiar with. I've used it but I'm not -- easy to navigate on it. The challenge was one of my technicians who was born and raised on a web phone as far I can tell challenged me to find the Charlie's Angels play times at a local theater. I was local in a conference room with these guys. We went for a race. He beat me by about 20 seconds so it was about a minute 14 seconds versus a minute 35 seconds. I think the interesting point was somebody said right after that, well, if you would have called 777-FILM you would have gotten it under 30 seconds. But the point is also the technology is not yet there. It's improving daily. It's improving hourly. The voice recognition, the voice portals are going to be huge. Again they're taking the cost out of the business. It's going to be beneficial to the consumer, and that's the way we use our phones. We don't want to be sitting here trying to get 15 lines of text about the top news story from CNET. I would rather hear it over the phone. MR. PEELER: Now, in the examples we saw in the beginning, we saw some examples where you were asked to respond to the web site to put in your E mail address or put in your ZIP code, and the voice portals will obviously be collecting some information about which instruments are getting back to them. How important is that information that's going to go back to the advertiser and what is it going to be used for? MR. HARRISON: Well, I think the bottom line is information is always important and hence privacy and protection of information is also extremely important. What today we can get on a phone, on a web phone, we can get a subscriber ID, gateway information. At one point early on they even had the phone numbers which were transmitted along with a WAP request, and so we've gotten certainly beyond that point now. 
But that information is collectible, and today at this point I don't know if anybody has figured out what the value is of that information, but I absolutely believe that as we progress and this industry progresses there will be opportunities to use that data for ways that benefit the consumer and I'm sure folks will find ways to use that information to take advantage of the consumer. But it's a pace and the industry is moving so fast right now that we personally aren't doing anything with it. We're trying to build infrastructure technology to enable advertising and promotion and interesting response mechanisms to enable this industry but yet we have not ourselves figured out necessarily means to use that information. MR. PEELER: And I think that gets us directly to the question of how can we use this technology to make disclosures to consumers that are either required by the advertising claims that are made in the ad or necessary before you submit your personal information to a voice portal or to a web site? What types of capabilities do we have on these very small screens with fairly slow speeds to provide information? MR. LEWIN: That's the top question as far as certainly many people concerned with privacy are concerned. Let me make a couple observations as a context, just some of the remarks I would like to make. First of all, I would just like to say the ad agencies are learning and have learned that you can't use the same ads when you've got a 15 inch monitor as when you have a cell phone and a PDA. The same thing holds true for notification and the mechanism we're going to be using to kind of convey to the consumer. 
You and I holding a device in our hand something about the practices of whosoever is calling us or accessing, and the guidelines when we talk about the guidelines that again have to be with the backdrop and we're also talking about situations where there are other uses for these devices, not just ads, and the displaying of ads but people are using these devices to collect information. Earlier today we were involved in a conference call where we were announcing our E-Health seal program, and doctors are talking about these hand held devices for diagnostic tools and uploading and downloading material, very sensitive information. Products like this will also be in the hands of children and so forth, so all of this says that whatever guidelines we come up with, it's got to be with this framework. It's not just looking at it from an ad point of view. Also it's important I think and very gratifying frankly regardless of what end of the spectrum you're on in terms of what you feel is the right approach in this environment, everybody seems to be starting off with an attitude of if you're a pro technologist or a pro legislation or law or you're a pro self regulation, I think there's general agreement that the two incorrect answers are one of the above or none of the above. That probably the best answer, the most correct answer is all of the above and it's finding out where that mix is, that I think we're all coming from and starting into. The use of symbols in how we convey a message because we have to deal with the let me use the word footprint or eye print that we're going to have on these devices leads you to believe whether it's voice or symbols or what have you in giving meaning to these symbols. There's one thing that we are learned in the let me call it now the traditional E commerce field. 
There's a dichotomy in trying to be clear, concise but comprehensive when you're trying to put together your program or your policy or whatever you want to call it about privacy and security. You're beat on to be very comprehensive, but, Oh, by the way do it in two paragraphs that an 8th grader can understand. It's not a trivial task, but we have to take this store house of knowledge and see what we can do as far as giving some symbolic understanding to consumers that really addresses the issues given this framework of conduct that we just talked about and I think therein lies the challenge. The good news is just like we found in the traditional E commerce field, it was very hard to retrofit a privacy policy if you already had something in place, and then you became privacy aware and then you tried to correct the situation, it's better as any engineering person would tell you if you can build it in, and I think we have all the players. In the last two days I've heard everyone from the carriers, the people that build the gateways, the hand held devices, the content providers, all speaking the same language, and that's very encouraging because we weren't there three years ago, four years ago, five years ago, so we have a better understanding of the issue. And I think some of the things that were talked about in terms of what's being done with the P3P and the WAP is more understanding of somehow making these things play together because that's one mechanism, not the answer but one mechanism to implement some of these things that we're talking about, in conveying the kind of we call them symbols for want of a better term to deal with some of the devices that we're talking about here. So I think those are some of the things that certainly from our perspective that we feel are going to be some of the exciting challenges that we see, but we don't look just at the ads but all the other potential uses that people are going to have for these devices. MR. 
PETERS: I agree with that. I think also the term advertising is concerning to many people. I don't think anyone would raise their hand if I said, Do you like ads all the time. There's a time and place for advertisements, and these devices we're talking about we've seen and we've discussed over the last two days are productivity devices. They're used to get information, to give information, to expedite our lives. There goes one now. The idea -- there's been some discussion of potentially giving away free cellular service to users in exchange for ads. It's been tried in the land line world. I don't know how successful it's been. I've never heard of a company being majorly successful. I know they're still out there. They haven't shut their doors, but if you think about it, the people who are going to be willing to exchange advertising for cellular service are none of my clients' target audience, so that just is not going to fly. They're teenagers. They're college students. They're not people who have a high disposable income and not necessarily people that I want to bring my clients to offer. MR. LUCAS: I agree that people may not be willing to exchange cellular service for advertising, but I would argue that there may be a market for people who are willing to allow their information to be used either in aggregate or individual form. Kind of like the supermarket shopping cards. If it's convenient for someone and it isn't obtrusive I think these devices have an incredible opportunity to benefit consumers as a whole. So I think again getting into the issue of permission marketing, if we really truly engage the consumer as you pointed out in a real customer relationship management environment, this could be the biggest thing that happens to advertising in the last several decades, so I think there's a lot of opportunity for consumers to exchange the value. 
As one of the speakers said before in the new millennium, the data is going to be one of the principal ways of the encryption of wealth, and if data is the currency of you want to say the web and the wireless, I think there's an opportunity for consumers to exchange that, but again as long as it's in a consensual manner, I think it's a tremendous opportunity. MR. HARRISON: We've been too agreeable here, so I'm not going to agree. I'm not going to disagree, but, Lee, something you started this last question off with. You said essentially that your hypothesis was that these things are slow and the screens are too small, so I would simply argue that. Yes they're slower than what most people have in terms of dial-up or at home or clearly what you have in LAN access in your offices and, yes, the screens are a lot smaller. But because the screens are smaller and they're black and white and they don't have quite the richness of the interface you don't need as much information so you can get a news story on your device. You can get information that you are trying to target and go after. And in fact you could also I believe provide some kind of beneficial advertising message even though clearly where we're at today is not where I hope to be next year and the year after. We're building for a future, not building for what the capability is today. But having said that I think Marc made a point earlier about the information that he could get on a receipt, and back to your question about disclosure. I think there's a couple opportunities for doing disclosures on these devices, and two that immediately come to my mind is if you see a promotion, frequently there are -- there is room beneath the advertisement where you could scroll down and you could read details about the promotion. So just what you see on your device is not the extent of the advertisement or any kind of informational message for that matter. 
There's ample room to put several lines beneath that, in fact several pages beneath that where the user can scroll down and get additional information. Likewise, you could get information at the bottom of the screen in the link section. You can have one that says, for example, notice or disclosure, that's getting too long for links perhaps, but there's some verbiage that could identify an area for the user to get more information about the offer or the promotion that's being made. And lastly I would say that you could use the call through capability of not necessarily a PDA at this stage but of a phone to enable the user to call through either a call center or to go to some destination site that has a recording where they can hear the specifics of an advertisement disclosure. But some things won't fly. For example if you had an ad for the medicine Prilosec, you have 14 pages of disclosures that follow in a magazine, one of those kinds of advertisements. I don't think that would ever be effective for a wireless device, so just to end this long spiel of talking here, I think the bottom line is there's going to be advertisements that are appropriate for wireless devices. There will be opportunities to do disclosures appropriately I think for those kinds of advertisements as well using the methods I just mentioned. MR. PEELER: Steve? MR. LUCAS: I'm really heartened to hear you say that because I think that's the right model. I think if we try to do too much disclosure on these devices it's going to become an obtrusive experience for the consumers and they're going to abandon it. Having said that I think it's important that there be the availability of a disclosure. 
Whether we like to hear this or not, a very small percentage of consumers online will ever click through on the privacy policies and actually read them in their entirety, but the fact of the matter is under Fair Information Practices they have to be there so the consumers that are concerned about it, it should be there, and if we go to an opt-in environment and a permission based marketing that should be I would think sufficient. If they can go to the web site, for example, or call an 800 number to get detailed information about it if they have the opportunity through the advertisement or through the carrier to get information if they so decide, that should be sufficient especially if you're in an opt-in environment. If I go to a site and say I want advertisements from you it's up to the consumer to understand what they're signing up for. So I think that's a good model because I can tell you on a Palm for example if I get advertisements in between messages that are critical to me, that can cause me to abandon this as an effective tool. MR. PETERS: I think very few consumers read disclosures, period, whether it's on printed paper or whether it's on a cell phone or on an Internet page. I worked for a bank for a couple years, and we did credit card marketing. We actually studied in a focus group the effect of -- I can't remember the name of it, it's a box with the APR disclosure and the annual fees and all the terms and conditions. One of the focus group studies we looked at is where we position that box. If you put it on the back of the main letter in gray text in 5.5 and a half point type or whatever, people were fine with it. As soon as you started calling it out or putting it somewhere else people started to look at it and say, oh, my God, what is this, so I think that you're completely right that we need to give the user the opportunity to get that information and the disclosure. It's probably just through another medium. 
If it's a 21 page document, in that case it would be a lead generation, yes, I'm interested, send me some more information via E mail, I'll read the 22 pages and I'll sign something and send it back to your firm. MR. PEELER: So is the suggestion the disclosure limitations will limit the types of marketing transactions you can do in the environment, the wireless environment? MR. PETERS: If you have a relationship with a customer I think you've already -- you can go through a different media to get that disclosure to them. When I go on to do online banking, I can do it on my Palm Pilot through a wireless connection. What I have done is I set up my account. There's no way I'm going to set up my account for online banking on a Palm Pilot. It's too cumbersome. I did do it on a web page. It notified me that I can look at my account balances and balance transfers via my Palm Pilot. So I opted into that. The disclosure was presented to me on a web page. I agreed to it and now I'm using it through this cellular connection. MR. LEWIN: I think one of the things that has to be considered is the point Steve brought up earlier about we're talking like a per incident basis, and sometimes again the big concern that a lot of people have are these data accumulate competitors. If you can accumulate this information on a per instant basis through the hand held device, but is there any intent to combine this with additional information that's somewhere else, and bringing together a more complete picture if you will of what the individual is unbeknownst to you. And to me it's got to be from this point of view that if indeed those are some of the things you're talking about, then we need to find a mechanism to disclose properly to the consumer, to the user, to you and I what the intent is and don't look upon these as just like a transactional basis because that transaction may be used for some other things and if it is, then we've got to notify people about it. MR. 
PEELER: Does TRUSTe have thoughts about how it would do that? MR. LEWIN: Do we have thoughts? Yes. Seriously it's an area that's extremely important to us for a number of reasons. It's just a natural evolution. We've gained a lot of experience and ideas about how perhaps it can be done more effectively with some of the technologies and there's been a lot of steps that were done in the technology that weren't there two years ago. And that's the reason why we're here and want to continue the discussion and dialogue because we're all shooting for the same place, and it's deciding what mixture is going to be the most effective to get us there, so we think some combination of the use of technology that perhaps the use of symbols, some of the phone in items and we talked about for more extensive notification, some form of contract or agreement with the carrier service or what have you, some combination thereof. But it would be good if we can do this in a context rather than on a per incident basis which I think drove us many times in the past, so that's a long-winded answer to say yes. MR. PEELER: Let's talk about one specific example. You use your cell phone to go to a page that will give you stock quotes, and at the top of the page of the stock quote, there's a banner ad that says get this credit card and zero percent interest until June and you click on it and there is an application there. Now, there's a lot more you need to know about that transaction. There's some privacy implications to providing the bank with the types of information that they need to evaluate your creditworthiness. How do you address that issue? And in the Internet environment that's pretty easily addressed. The great thing about the Internet with some very prominent links, you can get more information than you ever wanted. How do you address it in this environment? MR. 
LEWIN: I'm going to throw out some just off the top of my head in a scenario like you're just talking about, for example, if you clicked on that with your device, maybe it displays a number to call or gives you summary information, call this number for more complete and depending again on the nature of the transaction you have to get something signed or what have you or sent or E mailed through some mechanism. It could be a symbol type of connection that again depending on the wireless device. It automatically connects you to a server of some type that you enter into a dialogue, whether the information is logged and what have you. There could be information that has already been downloaded to your device so you click on it. It comes up with necessary information to satisfy the requirements as far as allowing the consumer to affirmatively say, yes, this is something that I want to do. There may be things that you can do with the actual symbols themselves as far as what they mean and have a pre defined for these types of transactions we're going to do this and therefore these symbols are used. Those are some of the things that just scratching the surface that are possibilities that we can take a look at kind of addressing the question you talked about. MR. PETERS: If it's connected to an 800 number, that's it, don't let them -- the advertiser does not want to have the opportunity to lose them because I can't figure out how to put a B in here for my first name. Put me through to an 800 number, an intelligent representative of the company on the other end and that's going to close the deal. 
The key word there is intelligent, and what's going to happen is the voice portals are really going to have to get their stuff together, and that is the killer application, the voice portal, if you can really get this thing done such that I can recognize Barry Peters and I can recognize my Social Security number, repeat it back and then get something out to me in the mail that's going to make the companies who are processing at the back end a lot happier. The costs are going to go down. Consumers are going to be happy, and I promise you if I give you the opportunity to use voice versus trying to type your name and address in here, I would be surprised if any one in the city would be unhappy. MR. DONAHUE: You keep hearing voice more than text here and I think that's realistic especially as head sets develop more people are going to probably spend a lot more time listening to what they can get from one of these things than they are just by looking at it just by limitations. I don't think many people would probably want to execute the scenario you said other than going to a web site, but I think the voice portals also give opportunity for verbal follow policies. You can sit there and listen for a minute and a half, and you might be more patient to that rather than trying to scroll your way through one of these links. MR. LEWIN: A couple comments if I may to add-on to that. And I agree, it's a natural to use voice and so forth. You've just got to put in a mechanism as you change your policies. The voice is a very transient mechanism here. So what I've heard two weeks ago may be different now and so you need to verify that or you need to consider that in your implementation, and there will always be a need for a dispute resolution process that if two parties agree to disagree, there's a mechanism for getting it resolved and looked at and just making sure it doesn't happen again or exercising the best judgment to make sure it doesn't happen again. 
That will always be part and parcel of what we're talking about. MR. LUCAS: There's a couple areas that we haven't addressed that I think we need to think about, and the first is access. What is going to be the policy of the companies that are engaged in this space on access? We have the advantage and in many cases, especially in the cellular area, that we have access to our bills so we know a little bit about what companies have about us. What we don't know is when you take a look at what's collected through CPNI, like when we call directory assistance and we're connected automatically to different companies. That information is being collected, how is it being used so I think we have to start talking about what are going to be the access principles for customers that are engaged in this kind of environment through their carriers and through companies that are dealing with this. The other is security. I think a lot more people on their laptops put passwords in to protect their laptop than they do in the hand held devices and the reason being is when I get -- when my phone rings, I don't want to have to key in an access code. We have to talk about, if we're going to push and pull information down to these devices, granted a lot of the onus is on the customer to protect themselves, but I think we have to be aware we can have the Exxon Valdez of privacy. I lost one of these and luckily I had gone in and made the sensitive information private. Had I not done that and someone had found that and I had home phone numbers of some fairly significant people, I don't think they would be very appreciative of the fact that I had lost that, so I think from an access and a security standpoint, we at least have to come up with some framework as to how we're going to deal with that. MR. PEELER: I think that goes to the question of what the general privacy protections are around this data that's collected to help target these ads back. 
One of the other issues has been for disclosure is whether the carriers can serve as a proxy for or a surrogate for the advertisers in making some of these disclosures or whether a technology similar to P3P could be in place so the consumer is not actually reading the disclosures but is actually specifying what its preferences are in terms of marketing and data collection and have their wishes implemented that way. Comments on that? MR. HARRISON: If I were a carrier I don't know that I would want to be the disclosure point for all of the potential advertisers on my system, but I'm sure we have a few here that might want to comment, so I think there are ideas that we can come up with, be it 800 numbers, send me E mails, link to wireless web sites, link to wired web sites where you can get more information that in my opinion would be more effective than having the carrier try to coordinate and consolidate that information for all of their content providers and all of their potential advertisers. MR. LEWIN: I agree that we can't require the carriers to be the ultimate clearinghouse for all that information, but I would also argue that my relationship with my phone company and the various PDAs that I might use, that's my primary relationship, and in the event I receive an advertisement that I haven't requested, that I haven't opted into I would expect my carrier to get involved in that because my primary relationship from a privacy perspective is with my carrier, not with the various advertisers that I -- when I say I'm opting in to the specific use of my data and that request isn't honored I'm going to go back to the carrier and ask them, have they sold my information to anyone. So I believe that the carrier is going to have some responsibility and ultimately may in fact be the best place to have a clearinghouse for anyone that wants to advertise on their network. 
There should be potentially a link to that site's privacy policy or some link to -- some way of like say an 800 number as to how you call these people directly because again that's my relationship. They're the ones that are ultimately responsible for the service I get. MR. HARRISON: The problem with that though becomes when you go outside the walled garden so to speak of the carrier. It's analogous to the wired web in that you could go to a destination that the carrier has absolutely no control over or no relationship with the content provider and see an advertisement. And that is totally under the -- maybe in that case the control or your beef might be with the content provider you're going to, but the carrier in the context of where you're pulling information down by surfing the wireless web, it's completely outside of the control of that carrier potentially. So I don't know how you could have a beef with them because you're just using the conduit to get to that destination site and it's just information that's coming across that pipe and they don't know if it's an advertisement or it's content. MR. PEELER: Barry, you were going to add something to that? MR. PETERS: No, that's exactly what I was going to say. I think there's push versus pull and the trick is with push I think the carrier will be responsible for to a certain degree. Once you get outside of the carrier's network and you start surfing the web, you hit a site, I am not sure, I'm not a technologist but I would imagine it's not difficult to pick up something such as a phone number or at least at some point shoot a cookie out so I can get back to that person. The carrier in that situation has no ramification. You can't block that I don't believe. MR. 
PEELER: Well, I guess what I'm hearing is this distinction between push and pull is really important for this form of advertising, that people think the permission based advertising is what's likely to be most successful, that despite that, we think there should still be some instance of SPAM and SPAMing on this environment, the targeting is important and therefore privacy is as we've heard all day today an essential issue in this market. And I think with that summary, we'll go to the question and answer period, and I would remind people that are upstairs if they come down to the fourth floor doorway, come up to the fourth floor they'll have a microphone there that they can ask questions. MR. STUTMAN: With respect to the comment about ads being pushed to the device, et cetera, how would you propose to separate common messaging for example your SMS address now is your phone number in an open gateway and obviously there's easy ways to SPAM all this, and it hasn't happened through the grace of God. So the question is if you do close this so to speak from the standpoint of pushing ads, how would you deal with the simple messaging capabilities as it already exists. MR. LUCAS: We have to develop technology to enable consumers to basically permission different types of content coming down so, for example, if I opt in to participate in SMS messaging based on the heard information, I believe you can filter those messages out, so say for example I want to get SMS, I don't want to get advertising messages. We have to develop the technology where if consumers -- whether it's an opt-in or opt-out there's always going to be a debate about that from a marketing perspective. MR. PEELER: Speak in the microphone. MR. STUTMAN: I agree it can be done, I'm simply saying given that some of us are on the air right now, how do you propose dealing with it tonight? MR.
LUCAS: Well, tonight I don't know if we can get it solved by the end of business today, but I think how we should deal with it is again by getting industry to sit down in some manner and deciding on some best practices and then providing consumers with some method of being able to opt-in and opt-out of receiving various types of service. Obviously if it's an opt-in environment, then I have an expectation of receiving certain types of content. If it's an opt out environment, unfortunately you're placing the onus on the consumer, and my concern about that from a marketing and advertising perspective is often what happens is the significant reaches the saturation and PO'd point well -- that point happens simultaneously with them opting out of everything. Now rather than being able to selectively pick what they want to hear about, they get so enraged by it and we lose potentially the ability to benefit consumers. MR. STUTMAN: I agree with you with respect to the PO point which is a term I'll use without attribution in the future. We for example started on our site with an SMS gateway that had a pin, and the idea was to lock the sorts of things that you're discussing. Then we found some people said, oh, I don't want to have to tell people what the pin is, I want to be Steve or S. Lucas at ClickaDeal, and I'm not going to worry about the darn pin, so I'm simply looking at that issue from a practical perspective because again talking about the PO point, if it's reached, none of us make money. MR. PEELER: Next question. MR. LEMAITRE: Marc Le Maitre from Nextel again. My final contribution on the PO point since I now have a new metric I offer a word of hope. We can all indulge in some primary research on the way home this evening to find out the PO point. As you listen to the radio if you drive home by car this evening I would suggest you listen to public radio, focus on how long the announcer puts up the advertisement about the companies that sponsor it. 
When you get home, sit in front of the television and figure out how long it takes before the advertisements start to grind on you and you want to get back to the program and understand who's won the election. Sit down in front of your PC and get your E mail before you go to bed and figure -- do you pay a time tax. It's the time it takes to pay for the content you just downloaded and figure out what your tolerance point for that is. And if you then apply that to the wireless device, what I would suggest is the years and years and years that the advertising industry has figured on your PO point on these other devices will translate to the wireless device and you'll probably find it's significantly shorter. One thing I haven't heard mentioned up here which I thought was the notion that doesn't alert you every time you walk by a store. It just has a screen saver instead of the phone ready, which I noticed you are a Nextel user. It says phone ready. What does that give you? The notion that the advertisement will change and if you don't interact with it, it's just again all subject to privacy, but the fact that the advertisement will change as you walk around will give you the opportunity to have an impulse purchase at any time. But it's an interesting. I never thought of the new metric. We shall now refer to it as the PO point. MR. LUCAS: I agree wholeheartedly. I think the degree of brittleness in terms of this particular medium is going to be quite a bit higher than in any medium. As a medium then it is on the web because it's much easier to -- there are all kinds of tools and technologies available out there that can allow consumers to have some degree of control, turning off graphics, not going to web sites that we know are going to have large amounts of advertising. Putting filters on E mail. Granted you're only talking about the privacy pragmatists and the privacy purists that are going to take these extreme steps.
If I want to be productive I have to have a cell phone not only for business but for emergencies so I have no choice in the matter. So if we don't respect consumers' privacy and provide them an opportunity to engage us, it's going to be a short lived advertising. MR. DONAHUE: To your point, Steve, this is a burst appliance, not a continuous appliance. You have to look at it that way. MR. LEWIN: I'm trying to imagine walking down the street and looking at my cell phone and my PDA looking at these ads coming down or the thing beeping at me. I just envision people walking down K Street, beep, beep, beep, beep. I'm not sure about this. MR. LEMAITRE: I would agree but when you go home and watch television this evening you have a choice. You can watch commercial advertisements or you can watch Pay Per View, so I would suggest it's not that bad and one final point on this user interface. I actually believe that the killer application is for voice and has been for some time, but it's the interaction of the two. I think the ability -- it's how do you convey your intent because this thing becomes very transactionally oriented on a wireless device specifically like you said because the pain point is very near, and so it's a combination between the two. If I can express my intent to the wireless device by voice best, that's the way I'll do it, but as far as exchanging my personal details into it, I'm not going to speak my Social Security number into it or my credit card into it. I'm going to push a button and say, Do you remember me and have that transacted as part of some bigger governance so I think you're right there, but it's a combination of all the components that have to come together. MR. PEELER: I would like to thank the panelists for their presentations. Before we break, I would like to reintroduce Jodie Bernstein of the FTC. MS. BERNSTEIN: Well, you all have been wonderful. 
You all have been absolutely wonderful, if for no reason than you're still here and still working with us. I know it's been a really, really hard and exhausting couple of days, but worth every minute of it I think. So first of all I wanted to thank all of you, all the participants, the panelists particularly for coming and participating in such a broad range of issues and discussions with us. It was extremely interesting and very educational for me and for others here at the Commission, and you made that possible, and indeed I think I heard -- and of course we always sort of speculate about whether or not we will hear any consensus emerging from a workshop like this, and I think I heard the first one, and that was the widespread compliments we received for convening a workshop. Now that was important to us and it was made possible, of course, by your participation, and most particularly, and I do want to mention them before I leave anyone out, I do have to put my glasses on for our staff that really put this together, Ellen Finn, Stacy Feuer, Allison Brown, Beverly Thomas, Lisa Hone, Jessica Rich and Anne Maher and numerous others throughout the Bureau. It was really because of their work working with all of you that we were able to achieve what happened here in the last day and a half, beginning with the chairman, I think who set the tone for the kinds of workshops and the great sense of people coming together to try to work through some complex issues. So what did we learn here? Well, we learned a little bit. I think we learned a lot. Wireless technologies have the potential to provide consumers with all kinds of benefits in the home, in your cars and as you move through your daily lives. The range of technologies, range of possibilities from these technologies is really, really impressive.
At the same time we heard about the challenges that we will all face together I think as we deal with these new very complex kinds of issues, and then I thought to myself as I was really listening carefully, Well, really are they so new. And permit me to share with you my sense of coming full circle that maybe it wasn't really so new in this way. When I first used the telephone, learned to use the telephone, this is how it worked. I picked up the receiver and a real human being said to me, this is the operator, Jodie, what do you want. And I said, I want to talk to my dad. Well, didn't I give you the number yesterday, I told you what the number was yesterday. And we had a wonderful conversation about a lot of things. Was there privacy? Well, there was if we could trust Lilly the phone operator. Was there security? There was for my mother and father. They always knew where I was without a locator. They always knew where I was. That's the way things were done, and it was pretty private and it was pretty secure. Now, I have to mention one other thing, we were on, and this is really honest to God true, a party line. We were on a party line, and if it really got boring on a snowy afternoon in down state Illinois, I would just go upstairs and listen in and see what was Mrs. Carlson having for dinner because she was probably discussing it with somebody on the party line. Entertainment was provided. It was -- so really that's why I feel there is nothing new here. It's just that it's going to be faster and quicker, and we have to learn to deal with it faster and quicker. I do think that there were a few areas again of consensus that were emerging, and I will only mention a few of them, and then we will follow up with -- and we really haven't reached a conclusion about how to summarize this day and a half but we will conjure on that and hear suggestions from all of you, but in the meantime, let me first at least mention some consensus that I think we heard emerging. 
The first is of course that privacy and security must be provided if this is to be a viable medium, and in addition that consumers really will not tolerate being flooded with unwanted commercial messages without having the ability to control it and that commercial messages they do get should be truthful and accurate. So there's a set of principles that again are not new to us, but I think we were all agreeing had to be provided if this is to be the kind of success that we know that it can be, but I think I even heard -- I know I heard David Sobel express what he heard by way of consensus that consumers should not only have sort of a generalized notice but rather consumers should be well informed. I think that sort of resonated with the group. It certainly did to me because it made good common sense. They need to be well informed about the information practices, and I even thought I heard some generally -- some consensus emerging about what was described as the spiritual discussion, opt-in or opt-out. Some people did call it a spiritual discussion. I was about to vote but my stylus wouldn't go through the ballot. Otherwise I would have. We could raise our hand but we don't need to. Obviously that is one area where we will all continue to work. There were good arguments I think for providing that kind of assistance. Beyond that the concept of the well informed consumer, there was a consensus I thought emerging that however these steps developed, consumers should be able to really understand what is being provided and be able to use it effectively, some discussion -- much discussion of security and a broad consensus that it's essential and will have to be provided. A moment on self regulation. I heard a good deal of discussion and description of what I would call healthy developments in self regulation of different types. 
As you all know in the Internet area, the online area, the Commission has and through our Bureau has had extensive discussion on those subjects, and in the latest Commission report on that subject have favored self regulation with a legal framework as a backstop, if you will. I think that consensus among commissioners has developed over several years of examination of the issue and in the kind of emerging consensus that seemed to be emerging throughout the country. That position of whether or not self-regulation can be effective without a legal framework is still -- different folks have different views of it. I would point out again only that the Commission had reached that conclusion in the online world. I look forward to continuing this debate and discussion. I particularly hope that we can continue with this group and with other groups that are as diverse as this one with different kinds of expertise. I know our folks are anxious to do so and to work on ongoing consumer education issues because it really hasn't started yet. We will need to have really the kind of creativity and imagination that I heard discussed among the advertising folks and others to be able to construct messages so that consumers can understand what this is about, can understand the great benefits that the technology will provide and at the same time understand what's valuable to them and what isn't valuable to them. I was taken by Larry Ponemon's mother's remark that at her age it wasn't valuable anymore, and it did point out of course that this is a sliding scale, and some people find the same kinds of information more valuable under certain circumstances than they do in others. That's the kind of thing, the concrete discussion which will continue to assist the debate about these, the use of these new technologies. Again we all heard that it's still evolving. Nobody knows precisely what will be the success of any of the individual devices.
We will however look forward to continuing to work with you and others. I think workshops are a tremendous innovation in terms of the government working with the private sector and with consumer groups. We will continue to use them. We will welcome your comments afterwards. We will welcome any comments you have for how we can improve working together and in regard to your wonderful compliments for our work here, my remark is don't tell us, tell our appropriators. Thank you very much for coming.